subject:"Invalid Hash via SOAP API call"

Re: Invalid Hash via SOAP API call

2020-03-27 Thread Daniel Baker


ok  maybe for another time.


Thanks

On 27/03/2020 15:18, Maxim Solodovnik wrote:

The only possible ways to achieve this:
1) incognito tabs (should work)
2) different browsers

I'm not aware of other ways to isolate browser session

It is can be done on server
But it will be HUGE changes :(((

On Fri, 27 Mar 2020 at 22:16, Daniel Baker 
mailto:i...@collisiondetection.biz>> wrote:


Would it not  be beneficial  to be able to  have the user  be 
able to have access to different  rooms at the same  time  without
receiving an error?



On 27/03/2020 15:07, Maxim Solodovnik wrote:

`open in same browser`
This is the question I have asked million times 
multiple tabs/windows share _the same_ session
You can't be loggen in with different hashes and have same session

once in ~30 seconds page ping back to refresh session
and you got "Access denied"
expected

On Fri, 27 Mar 2020 at 21:54, Daniel Baker
mailto:i...@collisiondetection.biz>> wrote:

Yes  I can  reproduce  this.


If I have  2  different  rooms ( room 29 , 31 ) open  in
same  browser   invalid  hash is  shown.

It also  happens  if  I have   2  rooms  the same ( 29, 29,
... )


It  actually  takes *some time,   30 seconds* or so  for  the
Invalid  hash  error to show.


Thanks,


Dan

On 27/03/2020 05:07, Maxim Solodovnik wrote:

Well,

just tested hashes
This error is only observed in case multiple tabs are opened
in the same browser

Is this issue reproducible for you if there is only one user
in the room?

Can you test this behavior with latest M4
(new version of Moodle plugin will be required)

On Thu, 26 Mar 2020 at 14:12, Maxim Solodovnik
mailto:solomax...@gmail.com>> wrote:

According to above access log
This URL

/openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
has been queried 2 times
First one was

/openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
Second

/openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1

Since secureHash is one-time hash here might be the issue
It is not clear why session was invalidated .
I'll try to perform more test tonight/tomorrow

On Thu, 26 Mar 2020 at 13:49, Daniel Baker
mailto:i...@collisiondetection.biz>> wrote:

No other  OM logins.


I  actually  titled this  wrong, it  is a  REST 
call not  SOAP.


Thanks,


Dan


On 26/03/2020 00:27, Maxim Solodovnik wrote:

is it possible OM was opened in second tab with
active login?

On Thu, 26 Mar 2020 at 04:15, Daniel Baker
mailto:i...@collisiondetection.biz>> wrote:

Not sure  why  I am getting this  during 
entering of a room :


I get invalid  hash / Access denied   show in
the browser:


image



The  url  looks  like this which seems correct 
to my understanding  :


tail -f localhost_access_log.2020-03-25

XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +]
"GET

/openmeetings/services/user/login?&user=admin&pass=PASSWORD%40
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +]
"POST

/openmeetings/services/user/hash?&sid=973f7132-39f7-47d0-b614-7845c4ed0411
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +]
"GET

/openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
HTTP/1.1" 200 7231
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +]
"GET
/openmeetings/css/theme_om/jquery-ui.min.css
HTTP/1.1" 304 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +]
"GET /openmeetings/css/theme.css HTTP/1.1" 304 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +]
"GET /openmeetings/css/custom.css HTTP/1.1" 304 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +]
"-" 400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +]
"-" 400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +]
"GET

/openmeetings/services/user/login?&user=

Re: Invalid Hash via SOAP API call

2020-03-27 Thread Maxim Solodovnik

The only possible ways to achieve this:
1) incognito tabs (should work)
2) different browsers

I'm not aware of other ways to isolate browser session

It is can be done on server
But it will be HUGE changes :(((

On Fri, 27 Mar 2020 at 22:16, Daniel Baker 
wrote:

> Would it not  be beneficial  to be able to  have the   user  be  able to
> have access to different  rooms at the same  time  without receiving an
> error?
>
>
>
> On 27/03/2020 15:07, Maxim Solodovnik wrote:
>
> `open in same browser`
> This is the question I have asked million times 
> multiple tabs/windows share _the same_ session
> You can't be loggen in with different hashes and have same session
>
> once in ~30 seconds page ping back to refresh session
> and you got "Access denied"
> expected
>
> On Fri, 27 Mar 2020 at 21:54, Daniel Baker 
> wrote:
>
>> Yes  I can  reproduce  this.
>>
>>
>> If I have  2  different  rooms ( room 29 , 31 )   open  in same  browser
>>   invalid  hash is  shown.
>>
>> It also  happens  if  I have   2  rooms  the  same ( 29, 29, ... )
>>
>>
>> It  actually  takes * some time,   30 seconds* or so  for  the Invalid
>> hash  error to show.
>>
>>
>> Thanks,
>>
>>
>> Dan
>> On 27/03/2020 05:07, Maxim Solodovnik wrote:
>>
>> Well,
>>
>> just tested hashes
>> This error is only observed in case multiple tabs are opened in the same
>> browser
>>
>> Is this issue reproducible for you if there is only one user in the room?
>>
>> Can you test this behavior with latest M4
>> (new version of Moodle plugin will be required)
>>
>> On Thu, 26 Mar 2020 at 14:12, Maxim Solodovnik 
>> wrote:
>>
>>> According to above access log
>>> This URL
>>> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
>>> has been queried 2 times
>>> First one was
>>>
>>> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
>>> Second
>>>
>>> /openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
>>>
>>> Since secureHash is one-time hash here might be the issue
>>> It is not clear why session was invalidated .
>>> I'll try to perform more test tonight/tomorrow
>>>
>>> On Thu, 26 Mar 2020 at 13:49, Daniel Baker 
>>> wrote:
>>>
 No other  OM logins.


 I  actually  titled this  wrong,  it  is a  REST  call not  SOAP.


 Thanks,


 Dan


 On 26/03/2020 00:27, Maxim Solodovnik wrote:

 is it possible OM was opened in second tab with active login?

 On Thu, 26 Mar 2020 at 04:15, Daniel Baker 
 wrote:

> Not sure  why  I am getting this  during  entering of a room :
>
>
> I get invalid  hash / Access denied   show in the browser:
>
>
> [image: image]
>
>
> The  url  looks  like this  which seems correct  to my understanding  :
>
>
>  tail -f localhost_access_log.2020-03-25
>
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "GET
> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
> 200 96
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "POST
> /openmeetings/services/user/hash?&sid=973f7132-39f7-47d0-b614-7845c4ed0411
> HTTP/1.1" 200 96
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
> HTTP/1.1" 200 7231
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
> /openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
> /openmeetings/css/theme.css HTTP/1.1" 304 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
> /openmeetings/css/custom.css HTTP/1.1" 304 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET
> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
> 200 96
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET
> /openmeetings/services/room/32?&sid=25d019cb-728c-4c7e-a88e-88910b3eae51
> HTTP/1.1" 200 444
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "GET
> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
> 200 96
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "POST
> /openmeetings/services/user/hash?&sid=bd8227ad-88d1-41ba-b4ce-69239844e5a1
> HTTP/1.1" 200 96
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET
> **/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?0-1.0
> *-access~denied*&secure=9c271470-cfaa-4e95-9d64-**9210b9e4a7cc&language=1&_=1585164268523
> HTTP/1.1" 200 180
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET
> /openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
> HTTP/1.1" 200 7328
> XX.XXX.XXX.XXX

Re: Invalid Hash via SOAP API call

2020-03-27 Thread Daniel Baker

Would it not  be beneficial  to be able to  have the   user  be able to 
have access to different  rooms at the same  time  without receiving an 
error?




On 27/03/2020 15:07, Maxim Solodovnik wrote:

`open in same browser`
This is the question I have asked million times 
multiple tabs/windows share _the same_ session
You can't be loggen in with different hashes and have same session

once in ~30 seconds page ping back to refresh session
and you got "Access denied"
expected

On Fri, 27 Mar 2020 at 21:54, Daniel Baker 
mailto:i...@collisiondetection.biz>> wrote:


Yes  I can  reproduce  this.


If I have  2  different  rooms ( room 29 , 31 )   open in same 
browser   invalid  hash is  shown.

It also  happens  if  I have   2  rooms  the  same ( 29, 29, ... )


It  actually  takes *some time,   30 seconds* or so  for  the
Invalid  hash  error to show.


Thanks,


Dan

On 27/03/2020 05:07, Maxim Solodovnik wrote:

Well,

just tested hashes
This error is only observed in case multiple tabs are opened in
the same browser

Is this issue reproducible for you if there is only one user in
the room?

Can you test this behavior with latest M4
(new version of Moodle plugin will be required)

On Thu, 26 Mar 2020 at 14:12, Maxim Solodovnik
mailto:solomax...@gmail.com>> wrote:

According to above access log
This URL

/openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
has been queried 2 times
First one was

/openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
Second

/openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1

Since secureHash is one-time hash here might be the issue
It is not clear why session was invalidated .
I'll try to perform more test tonight/tomorrow

On Thu, 26 Mar 2020 at 13:49, Daniel Baker
mailto:i...@collisiondetection.biz>> wrote:

No other  OM logins.


I  actually  titled this  wrong,  it  is a REST  call
not  SOAP.


Thanks,


Dan


On 26/03/2020 00:27, Maxim Solodovnik wrote:

is it possible OM was opened in second tab with active
login?

On Thu, 26 Mar 2020 at 04:15, Daniel Baker
mailto:i...@collisiondetection.biz>> wrote:

Not sure  why  I am getting this during  entering of
a room :


I get invalid  hash / Access denied show in the browser:


image



The  url  looks  like this  which seems correct  to
my understanding  :


tail -f localhost_access_log.2020-03-25

XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "GET
/openmeetings/services/user/login?&user=admin&pass=PASSWORD%40
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +]
"POST

/openmeetings/services/user/hash?&sid=973f7132-39f7-47d0-b614-7845c4ed0411
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET

/openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
HTTP/1.1" 200 7231
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
/openmeetings/css/theme_om/jquery-ui.min.css
HTTP/1.1" 304 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
/openmeetings/css/theme.css HTTP/1.1" 304 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
/openmeetings/css/custom.css HTTP/1.1" 304 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-"
400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-"
400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET
/openmeetings/services/user/login?&user=admin&pass=PASSWORD%40
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET

/openmeetings/services/room/32?&sid=25d019cb-728c-4c7e-a88e-88910b3eae51
HTTP/1.1" 200 444
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "GET
/openmeetings/services/user/login?&user=admin&pass=PASSWORD%40
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +]
"POST

/openmeetings/services/user/hash?&sid=bd8227ad-88d1-41ba-b4ce-69239844e5a1
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET

**/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?0-1.0*-access~denied*&secu

Re: Invalid Hash via SOAP API call

2020-03-27 Thread Maxim Solodovnik

`open in same browser`
This is the question I have asked million times 
multiple tabs/windows share _the same_ session
You can't be loggen in with different hashes and have same session

once in ~30 seconds page ping back to refresh session
and you got "Access denied"
expected

On Fri, 27 Mar 2020 at 21:54, Daniel Baker 
wrote:

> Yes  I can  reproduce  this.
>
>
> If I have  2  different  rooms ( room 29 , 31 )   open  in same  browser
> invalid  hash is  shown.
>
> It also  happens  if  I have   2  rooms  the  same ( 29, 29, ... )
>
>
> It  actually  takes * some time,   30 seconds* or so  for  the Invalid
> hash  error to show.
>
>
> Thanks,
>
>
> Dan
> On 27/03/2020 05:07, Maxim Solodovnik wrote:
>
> Well,
>
> just tested hashes
> This error is only observed in case multiple tabs are opened in the same
> browser
>
> Is this issue reproducible for you if there is only one user in the room?
>
> Can you test this behavior with latest M4
> (new version of Moodle plugin will be required)
>
> On Thu, 26 Mar 2020 at 14:12, Maxim Solodovnik 
> wrote:
>
>> According to above access log
>> This URL
>> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
>> has been queried 2 times
>> First one was
>> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
>> Second
>>
>> /openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
>>
>> Since secureHash is one-time hash here might be the issue
>> It is not clear why session was invalidated .
>> I'll try to perform more test tonight/tomorrow
>>
>> On Thu, 26 Mar 2020 at 13:49, Daniel Baker 
>> wrote:
>>
>>> No other  OM logins.
>>>
>>>
>>> I  actually  titled this  wrong,  it  is a  REST  call not  SOAP.
>>>
>>>
>>> Thanks,
>>>
>>>
>>> Dan
>>>
>>>
>>> On 26/03/2020 00:27, Maxim Solodovnik wrote:
>>>
>>> is it possible OM was opened in second tab with active login?
>>>
>>> On Thu, 26 Mar 2020 at 04:15, Daniel Baker 
>>> wrote:
>>>
 Not sure  why  I am getting this  during  entering of a room :


 I get invalid  hash / Access denied   show in the browser:


 [image: image]


 The  url  looks  like this  which seems correct  to my understanding  :


  tail -f localhost_access_log.2020-03-25

 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "GET
 /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
 200 96
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "POST
 /openmeetings/services/user/hash?&sid=973f7132-39f7-47d0-b614-7845c4ed0411
 HTTP/1.1" 200 96
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
 /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
 HTTP/1.1" 200 7231
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
 /openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
 /openmeetings/css/theme.css HTTP/1.1" 304 -
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
 /openmeetings/css/custom.css HTTP/1.1" 304 -
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET
 /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
 200 96
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET
 /openmeetings/services/room/32?&sid=25d019cb-728c-4c7e-a88e-88910b3eae51
 HTTP/1.1" 200 444
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "GET
 /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
 200 96
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "POST
 /openmeetings/services/user/hash?&sid=bd8227ad-88d1-41ba-b4ce-69239844e5a1
 HTTP/1.1" 200 96
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET
 **/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?0-1.0
 *-access~denied*&secure=9c271470-cfaa-4e95-9d64-**9210b9e4a7cc&language=1&_=1585164268523
 HTTP/1.1" 200 180
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET
 /openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
 HTTP/1.1" 200 7328
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "GET
 /openmeetings/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initializer/kendo.default.mobile.min-ver-70A144DCABA4386C973AE2446CA25F3D.css
 HTTP/1.1" 200 111339
 XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "GET
 /openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -



 OM  Version :


 Name OpenMeetings  Version5.0.0-M3 Revisionb739f

Re: Invalid Hash via SOAP API call

2020-03-27 Thread Daniel Baker


Yes  I can  reproduce  this.


If I have  2  different  rooms ( room 29 , 31 )   open  in same browser 
  invalid  hash is  shown.


It also  happens  if  I have   2  rooms  the  same ( 29, 29, ... )


It  actually  takes *some time,   30 seconds* or so  for the Invalid  
hash  error to show.



Thanks,


Dan

On 27/03/2020 05:07, Maxim Solodovnik wrote:

Well,

just tested hashes
This error is only observed in case multiple tabs are opened in the 
same browser


Is this issue reproducible for you if there is only one user in the room?

Can you test this behavior with latest M4
(new version of Moodle plugin will be required)

On Thu, 26 Mar 2020 at 14:12, Maxim Solodovnik > wrote:


According to above access log
This URL
/openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
has been queried 2 times
First one was
/openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
Second

/openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1

Since secureHash is one-time hash here might be the issue
It is not clear why session was invalidated .
I'll try to perform more test tonight/tomorrow

On Thu, 26 Mar 2020 at 13:49, Daniel Baker
mailto:i...@collisiondetection.biz>>
wrote:

No other  OM logins.


I  actually  titled this  wrong,  it  is a  REST call not  SOAP.


Thanks,


Dan


On 26/03/2020 00:27, Maxim Solodovnik wrote:

is it possible OM was opened in second tab with active login?

On Thu, 26 Mar 2020 at 04:15, Daniel Baker
mailto:i...@collisiondetection.biz>> wrote:

Not sure  why  I am getting this  during entering of a room :


I get invalid  hash / Access denied   show in the browser:


image



The  url  looks  like this  which seems correct  to my
understanding  :


tail -f localhost_access_log.2020-03-25

XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "GET
/openmeetings/services/user/login?&user=admin&pass=PASSWORD%40
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "POST

/openmeetings/services/user/hash?&sid=973f7132-39f7-47d0-b614-7845c4ed0411
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET

/openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
HTTP/1.1" 200 7231
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
/openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
/openmeetings/css/theme.css HTTP/1.1" 304 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
/openmeetings/css/custom.css HTTP/1.1" 304 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET
/openmeetings/services/user/login?&user=admin&pass=PASSWORD%40
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET

/openmeetings/services/room/32?&sid=25d019cb-728c-4c7e-a88e-88910b3eae51
HTTP/1.1" 200 444
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "GET
/openmeetings/services/user/login?&user=admin&pass=PASSWORD%40
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "POST

/openmeetings/services/user/hash?&sid=bd8227ad-88d1-41ba-b4ce-69239844e5a1
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET

**/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?0-1.0*-access~denied*&secure=9c271470-cfaa-4e95-9d64-**9210b9e4a7cc&language=1&_=1585164268523
HTTP/1.1" 200 180
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET

/openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
HTTP/1.1" 200 7328
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "GET

/openmeetings/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initializer/kendo.default.mobile.min-ver-70A144DCABA4386C973AE2446CA25F3D.css
HTTP/1.1" 200 111339
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "GET
/openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -



OM  Version :


Name OpenMeetings

Re: Invalid Hash via SOAP API call

2020-03-26 Thread Maxim Solodovnik

Well,

just tested hashes
This error is only observed in case multiple tabs are opened in the same
browser

Is this issue reproducible for you if there is only one user in the room?

Can you test this behavior with latest M4
(new version of Moodle plugin will be required)

On Thu, 26 Mar 2020 at 14:12, Maxim Solodovnik  wrote:

> According to above access log
> This URL
> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
> has been queried 2 times
> First one was
> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
> Second
>
> /openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
>
> Since secureHash is one-time hash here might be the issue
> It is not clear why session was invalidated .
> I'll try to perform more test tonight/tomorrow
>
> On Thu, 26 Mar 2020 at 13:49, Daniel Baker 
> wrote:
>
>> No other  OM logins.
>>
>>
>> I  actually  titled this  wrong,  it  is a  REST  call not  SOAP.
>>
>>
>> Thanks,
>>
>>
>> Dan
>>
>>
>> On 26/03/2020 00:27, Maxim Solodovnik wrote:
>>
>> is it possible OM was opened in second tab with active login?
>>
>> On Thu, 26 Mar 2020 at 04:15, Daniel Baker 
>> wrote:
>>
>>> Not sure  why  I am getting this  during  entering of a room :
>>>
>>>
>>> I get invalid  hash / Access denied   show in the browser:
>>>
>>>
>>> [image: image]
>>>
>>>
>>> The  url  looks  like this  which seems correct  to my understanding  :
>>>
>>>
>>>  tail -f localhost_access_log.2020-03-25
>>>
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "GET
>>> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
>>> 200 96
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "POST
>>> /openmeetings/services/user/hash?&sid=973f7132-39f7-47d0-b614-7845c4ed0411
>>> HTTP/1.1" 200 96
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
>>> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
>>> HTTP/1.1" 200 7231
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
>>> /openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
>>> /openmeetings/css/theme.css HTTP/1.1" 304 -
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
>>> /openmeetings/css/custom.css HTTP/1.1" 304 -
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET
>>> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
>>> 200 96
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET
>>> /openmeetings/services/room/32?&sid=25d019cb-728c-4c7e-a88e-88910b3eae51
>>> HTTP/1.1" 200 444
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "GET
>>> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
>>> 200 96
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "POST
>>> /openmeetings/services/user/hash?&sid=bd8227ad-88d1-41ba-b4ce-69239844e5a1
>>> HTTP/1.1" 200 96
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET
>>> **/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?0-1.0
>>> *-access~denied*&secure=9c271470-cfaa-4e95-9d64-**9210b9e4a7cc&language=1&_=1585164268523
>>> HTTP/1.1" 200 180
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET
>>> /openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
>>> HTTP/1.1" 200 7328
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "GET
>>> /openmeetings/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initializer/kendo.default.mobile.min-ver-70A144DCABA4386C973AE2446CA25F3D.css
>>> HTTP/1.1" 200 111339
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "GET
>>> /openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -
>>>
>>>
>>>
>>> OM  Version :
>>>
>>>
>>> Name OpenMeetings  Version5.0.0-M3 Revisionb739f87 Build 
>>> date2019-12-11T11:42:09Z
>>>
>>>
>>> I  can see access denied in the log so  that pinpoints it somewhat.  Is
>>> there a way  to see my  SOAP call is  correct  or a  verbose  logging mode ?
>>>
>>> Thanks,
>>>
>>> Dan
>>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>>
>
> --
> WBR
> Maxim aka solomax
>


-- 
WBR
Maxim aka solomax

Re: Invalid Hash via SOAP API call

2020-03-26 Thread Maxim Solodovnik

According to above access log
This URL
/openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
has been queried 2 times
First one was
/openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
Second
/openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1

Since secureHash is one-time hash here might be the issue
It is not clear why session was invalidated .
I'll try to perform more test tonight/tomorrow

On Thu, 26 Mar 2020 at 13:49, Daniel Baker 
wrote:

> No other  OM logins.
>
>
> I  actually  titled this  wrong,  it  is a  REST  call not  SOAP.
>
>
> Thanks,
>
>
> Dan
>
>
> On 26/03/2020 00:27, Maxim Solodovnik wrote:
>
> is it possible OM was opened in second tab with active login?
>
> On Thu, 26 Mar 2020 at 04:15, Daniel Baker 
> wrote:
>
>> Not sure  why  I am getting this  during  entering of a room :
>>
>>
>> I get invalid  hash / Access denied   show in the browser:
>>
>>
>> [image: image]
>>
>>
>> The  url  looks  like this  which seems correct  to my understanding  :
>>
>>
>>  tail -f localhost_access_log.2020-03-25
>>
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "GET
>> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
>> 200 96
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "POST
>> /openmeetings/services/user/hash?&sid=973f7132-39f7-47d0-b614-7845c4ed0411
>> HTTP/1.1" 200 96
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
>> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
>> HTTP/1.1" 200 7231
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
>> /openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
>> /openmeetings/css/theme.css HTTP/1.1" 304 -
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
>> /openmeetings/css/custom.css HTTP/1.1" 304 -
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET
>> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
>> 200 96
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET
>> /openmeetings/services/room/32?&sid=25d019cb-728c-4c7e-a88e-88910b3eae51
>> HTTP/1.1" 200 444
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "GET
>> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
>> 200 96
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "POST
>> /openmeetings/services/user/hash?&sid=bd8227ad-88d1-41ba-b4ce-69239844e5a1
>> HTTP/1.1" 200 96
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET
>> **/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?0-1.0
>> *-access~denied*&secure=9c271470-cfaa-4e95-9d64-**9210b9e4a7cc&language=1&_=1585164268523
>> HTTP/1.1" 200 180
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET
>> /openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
>> HTTP/1.1" 200 7328
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "GET
>> /openmeetings/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initializer/kendo.default.mobile.min-ver-70A144DCABA4386C973AE2446CA25F3D.css
>> HTTP/1.1" 200 111339
>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "GET
>> /openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -
>>
>>
>>
>> OM  Version :
>>
>>
>> Name OpenMeetings  Version5.0.0-M3 Revisionb739f87 Build 
>> date2019-12-11T11:42:09Z
>>
>>
>> I  can see access denied in the log so  that pinpoints it somewhat.  Is
>> there a way  to see my  SOAP call is  correct  or a  verbose  logging mode ?
>>
>> Thanks,
>>
>> Dan
>>
>
>
> --
> WBR
> Maxim aka solomax
>
>

-- 
WBR
Maxim aka solomax

Re: Invalid Hash via SOAP API call

2020-03-25 Thread Daniel Baker


No other  OM logins.


I  actually  titled this  wrong,  it  is a  REST  call not SOAP.


Thanks,


Dan


On 26/03/2020 00:27, Maxim Solodovnik wrote:

is it possible OM was opened in second tab with active login?

On Thu, 26 Mar 2020 at 04:15, Daniel Baker 
mailto:i...@collisiondetection.biz>> wrote:


Not sure  why  I am getting this  during  entering of a room :


I get invalid  hash / Access denied   show in the browser:


image



The  url  looks  like this  which seems correct  to my
understanding  :


tail -f localhost_access_log.2020-03-25

XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "GET
/openmeetings/services/user/login?&user=admin&pass=PASSWORD%40
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "POST
/openmeetings/services/user/hash?&sid=973f7132-39f7-47d0-b614-7845c4ed0411
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
/openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
HTTP/1.1" 200 7231
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
/openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
/openmeetings/css/theme.css HTTP/1.1" 304 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
/openmeetings/css/custom.css HTTP/1.1" 304 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET
/openmeetings/services/user/login?&user=admin&pass=PASSWORD%40
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET
/openmeetings/services/room/32?&sid=25d019cb-728c-4c7e-a88e-88910b3eae51
HTTP/1.1" 200 444
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "GET
/openmeetings/services/user/login?&user=admin&pass=PASSWORD%40
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "POST
/openmeetings/services/user/hash?&sid=bd8227ad-88d1-41ba-b4ce-69239844e5a1
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET

**/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?0-1.0*-access~denied*&secure=9c271470-cfaa-4e95-9d64-**9210b9e4a7cc&language=1&_=1585164268523
HTTP/1.1" 200 180
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET

/openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
HTTP/1.1" 200 7328
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "GET

/openmeetings/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initializer/kendo.default.mobile.min-ver-70A144DCABA4386C973AE2446CA25F3D.css
HTTP/1.1" 200 111339
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "GET
/openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -



OM  Version :


Name OpenMeetings  Version5.0.0-M3 Revisionb739f87 Build 
date2019-12-11T11:42:09Z


I  can see access denied in the log so  that pinpoints it
somewhat.  Is there a way  to see my  SOAP call is correct  or a 
verbose  logging mode ?

Thanks,

Dan



--
WBR
Maxim aka solomax

Re: Invalid Hash via SOAP API call

2020-03-25 Thread Rodolfo Gonzalez

I'm having exactly the same problem (posted another thread).

El mié., 25 mar. 2020 a las 15:15, Daniel Baker (<
i...@collisiondetection.biz>) escribió:

> Not sure  why  I am getting this  during  entering of a room :
>
>
> I get invalid  hash / Access denied   show in the browser:
>
>
> [image: image]
>
>
> The  url  looks  like this  which seems correct  to my understanding  :
>
>
>  tail -f localhost_access_log.2020-03-25
>
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "GET
> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
> 200 96
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "POST
> /openmeetings/services/user/hash?&sid=973f7132-39f7-47d0-b614-7845c4ed0411
> HTTP/1.1" 200 96
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
> HTTP/1.1" 200 7231
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
> /openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
> /openmeetings/css/theme.css HTTP/1.1" 304 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
> /openmeetings/css/custom.css HTTP/1.1" 304 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET
> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
> 200 96
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET
> /openmeetings/services/room/32?&sid=25d019cb-728c-4c7e-a88e-88910b3eae51
> HTTP/1.1" 200 444
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "GET
> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
> 200 96
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "POST
> /openmeetings/services/user/hash?&sid=bd8227ad-88d1-41ba-b4ce-69239844e5a1
> HTTP/1.1" 200 96
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET
> **/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?0-1.0
> *-access~denied*&secure=9c271470-cfaa-4e95-9d64-**9210b9e4a7cc&language=1&_=1585164268523
> HTTP/1.1" 200 180
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET
> /openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
> HTTP/1.1" 200 7328
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "GET
> /openmeetings/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initializer/kendo.default.mobile.min-ver-70A144DCABA4386C973AE2446CA25F3D.css
> HTTP/1.1" 200 111339
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "GET
> /openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -
>
>
>
> OM  Version :
>
>
> Name OpenMeetings  Version5.0.0-M3 Revisionb739f87 Build 
> date2019-12-11T11:42:09Z
>
>
> I  can see access denied in the log so  that pinpoints it somewhat.  Is
> there a way  to see my  SOAP call is  correct  or a  verbose  logging mode ?
>
> Thanks,
>
> Dan
>

Re: Invalid Hash via SOAP API call

2020-03-25 Thread Maxim Solodovnik

is it possible OM was opened in second tab with active login?

On Thu, 26 Mar 2020 at 04:15, Daniel Baker 
wrote:

> Not sure  why  I am getting this  during  entering of a room :
>
>
> I get invalid  hash / Access denied   show in the browser:
>
>
> [image: image]
>
>
> The  url  looks  like this  which seems correct  to my understanding  :
>
>
>  tail -f localhost_access_log.2020-03-25
>
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "GET
> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
> 200 96
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "POST
> /openmeetings/services/user/hash?&sid=973f7132-39f7-47d0-b614-7845c4ed0411
> HTTP/1.1" 200 96
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
> HTTP/1.1" 200 7231
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
> /openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
> /openmeetings/css/theme.css HTTP/1.1" 304 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET
> /openmeetings/css/custom.css HTTP/1.1" 304 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET
> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
> 200 96
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET
> /openmeetings/services/room/32?&sid=25d019cb-728c-4c7e-a88e-88910b3eae51
> HTTP/1.1" 200 444
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "GET
> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
> 200 96
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "POST
> /openmeetings/services/user/hash?&sid=bd8227ad-88d1-41ba-b4ce-69239844e5a1
> HTTP/1.1" 200 96
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET
> **/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?0-1.0
> *-access~denied*&secure=9c271470-cfaa-4e95-9d64-**9210b9e4a7cc&language=1&_=1585164268523
> HTTP/1.1" 200 180
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET
> /openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
> HTTP/1.1" 200 7328
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "GET
> /openmeetings/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initializer/kendo.default.mobile.min-ver-70A144DCABA4386C973AE2446CA25F3D.css
> HTTP/1.1" 200 111339
> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "GET
> /openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -
>
>
>
> OM  Version :
>
>
> Name OpenMeetings  Version5.0.0-M3 Revisionb739f87 Build 
> date2019-12-11T11:42:09Z
>
>
> I  can see access denied in the log so  that pinpoints it somewhat.  Is
> there a way  to see my  SOAP call is  correct  or a  verbose  logging mode ?
>
> Thanks,
>
> Dan
>


-- 
WBR
Maxim aka solomax

Invalid Hash via SOAP API call

2020-03-25 Thread Daniel Baker


Not sure  why  I am getting this  during  entering of a room :


I get invalid  hash / Access denied   show in the browser:


image



The  url  looks  like this  which seems correct  to my understanding  :


tail -f localhost_access_log.2020-03-25

XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "GET 
/openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1" 
200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +] "POST 
/openmeetings/services/user/hash?&sid=973f7132-39f7-47d0-b614-7845c4ed0411 
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET 
/openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1 
HTTP/1.1" 200 7231
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET 
/openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET 
/openmeetings/css/theme.css HTTP/1.1" 304 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "GET 
/openmeetings/css/custom.css HTTP/1.1" 304 -

XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +] "-" 400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET 
/openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1" 
200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +] "GET 
/openmeetings/services/room/32?&sid=25d019cb-728c-4c7e-a88e-88910b3eae51 
HTTP/1.1" 200 444
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "GET 
/openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1" 
200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +] "POST 
/openmeetings/services/user/hash?&sid=bd8227ad-88d1-41ba-b4ce-69239844e5a1 
HTTP/1.1" 200 96
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET 
**/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?0-1.0*-access~denied*&secure=9c271470-cfaa-4e95-9d64-**9210b9e4a7cc&language=1&_=1585164268523 
HTTP/1.1" 200 180
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +] "GET 
/openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1 
HTTP/1.1" 200 7328

XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "-" 400 -
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "GET 
/openmeetings/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initializer/kendo.default.mobile.min-ver-70A144DCABA4386C973AE2446CA25F3D.css 
HTTP/1.1" 200 111339
XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +] "GET 
/openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -




OM  Version :


Name OpenMeetings  Version5.0.0-M3 Revisionb739f87 Build 
date2019-12-11T11:42:09Z


I  can see access denied in the log so  that pinpoints it somewhat.  Is 
there a way  to see my  SOAP call is  correct  or a verbose  logging mode ?


Thanks,

Dan

Re: Invalid Hash via SOAP API call

Re: Invalid Hash via SOAP API call

Re: Invalid Hash via SOAP API call

Re: Invalid Hash via SOAP API call

Re: Invalid Hash via SOAP API call

Re: Invalid Hash via SOAP API call

Re: Invalid Hash via SOAP API call

Re: Invalid Hash via SOAP API call

Re: Invalid Hash via SOAP API call

Re: Invalid Hash via SOAP API call

Invalid Hash via SOAP API call

11 matches

Site Navigation

Mail list logo

Footer information