That doesn't mean that you shall not be able to disable it by admin configuration parameters.
Btw I tried the soap/Rest service for adding users. but for some reason it does not accept even the most complex password. curl --location --request POST ' https://my-server.xyz/openmeetings/services/user/?sid=b20c5012-3c94-4e7a-bc6a-61f8cced3150 ' \ --header 'Content-Type: application/json' \ --header 'Cookie: JSESSIONID=866564BDD7D8562C9B8CD1B94621AB43' \ --form 'user="{firstname:'\''asdads'\'',lastname:'\''aasds'\'',login:'\'' Test123123'\'',password:'\''IAmComplex_@Testing1234'\'',right:['\''ADMIN '\''],languageId:1,timeZoneId:'\''Pacific/Auckland'\''}"' \ --form 'confirm="false"' "IAmComplex_@Testing1234" is certainly a complex password. But the server reject it and in the log file it says: [39mDEBUG [0;39m 01-26 03:32:59.119 [36mo.a.o.w.UserWebService:191 [-nio-443-exec-5] [0;39m - addNewUser::weak password 'IAmComplex_@Testing1234', msg: null Seems like msg is null but still the input is not valid, above log is from here: https://github.com/apache/openmeetings/blob/master/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/UserWebService.java#L186 Looks strange to me. Sebastian Wagner Director Arrakeen Solutions, OM-Hosting.com http://arrakeen-solutions.co.nz/ https://om-hosting.com - Cloud & Server Hosting for HTML5 Video-Conferencing OpenMeetings <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url> On Tue, 26 Jan 2021 at 16:15, Maxim Solodovnik <[email protected]> wrote: > The captcha was added because it's absence was reported as security > vulnerability (you can check CVE at our security page ...) > > On Tue, 26 Jan 2021 at 10:05, [email protected] <[email protected] > > > wrote: > > > I can try with the API approach, it should be possible. It is just a bit > > hacky. It would be easier to create a Selenium test that does both: > > a) sign up > > b) use that user to participate in a conference call > > > > I don't think the ability to turn off captcha would mean it's a security > > risk > > > > Thanks > > Seb > > > > Sebastian Wagner > > Director Arrakeen Solutions, OM-Hosting.com > > http://arrakeen-solutions.co.nz/ > > https://om-hosting.com - Cloud & Server Hosting for HTML5 > > Video-Conferencing OpenMeetings > > < > > > https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url > > > > > < > > > https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url > > > > > > > > > On Tue, 26 Jan 2021 at 15:54, Maxim Solodovnik <[email protected]> > > wrote: > > > > > I've added the comment: I'm -1 for this feature > > > > > > Registration is now covered with JUnit tests > > > For performance testing you can > > > 1) create users via API > > > 2) create users directly in DB > > > > > > Users tend to turn off all security related "complications" just > because > > > some of their clients have some difficulties .... :( > > > I'll plan to add customization options for captcha: i.e. admin can > > specify > > > "letter range" for captcha > > > In such case you can specify [A,A] range ... :) > > > > > > On Tue, 26 Jan 2021 at 09:49, [email protected] < > > [email protected] > > > > > > > wrote: > > > > > > > In order to do automated signup using Selenium. > > > > That is both for testing, but in my case it is around performance and > > > load > > > > testing. > > > > I created a ticket for now: > > > > https://issues.apache.org/jira/browse/OPENMEETINGS-2560 and see how > > > > difficult it would be to add this config. > > > > > > > > Thanks, > > > > Seb > > > > > > > > Sebastian Wagner > > > > Director Arrakeen Solutions, OM-Hosting.com > > > > http://arrakeen-solutions.co.nz/ > > > > https://om-hosting.com - Cloud & Server Hosting for HTML5 > > > > Video-Conferencing OpenMeetings > > > > < > > > > > > > > > > https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url > > > > > > > > > < > > > > > > > > > > https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url > > > > > > > > > > > > > > > > > On Tue, 26 Jan 2021 at 15:44, Maxim Solodovnik <[email protected] > > > > > > wrote: > > > > > > > > > Hello Sebastian, > > > > > > > > > > there is no such option ATM > > > > > Why is it required for you? > > > > > > > > > > On Tue, 26 Jan 2021 at 05:17, [email protected] < > > > > [email protected] > > > > > > > > > > > wrote: > > > > > > > > > > > Hi, > > > > > > > > > > > > is there a way to disable the need to enter a captcha during the > > sign > > > > up > > > > > ? > > > > > > > > > > > > Thanks > > > > > > Seb > > > > > > > > > > > > Sebastian Wagner > > > > > > Director Arrakeen Solutions, OM-Hosting.com > > > > > > http://arrakeen-solutions.co.nz/ > > > > > > https://om-hosting.com - Cloud & Server Hosting for HTML5 > > > > > > Video-Conferencing OpenMeetings > > > > > > < > > > > > > > > > > > > > > > > > > > > > https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url > > > > > > > > > > > > > < > > > > > > > > > > > > > > > > > > > > > https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > Best regards, > > > > > Maxim > > > > > > > > > > > > > > > > > > -- > > > Best regards, > > > Maxim > > > > > > > > -- > Best regards, > Maxim >
