Also the parameter "confirm" doesn't seem to have any meaning. It's not referenced in the rest of the code.
Maybe I will change my Jira to fix some of this instead of disabling captcha. Thanks Seb Sebastian Wagner Director Arrakeen Solutions, OM-Hosting.com http://arrakeen-solutions.co.nz/ https://om-hosting.com - Cloud & Server Hosting for HTML5 Video-Conferencing OpenMeetings <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url> On Tue, 26 Jan 2021 at 17:21, [email protected] <[email protected]> wrote: > That doesn't mean that you shall not be able to disable it by admin > configuration parameters. > > Btw I tried the soap/Rest service for adding users. but for some reason it > does not accept even the most complex password. > > curl --location --request POST ' > https://my-server.xyz/openmeetings/services/user/?sid=b20c5012-3c94-4e7a-bc6a-61f8cced3150 > ' \ > --header 'Content-Type: application/json' \ > --header 'Cookie: JSESSIONID=866564BDD7D8562C9B8CD1B94621AB43' \ > --form 'user="{firstname:'\''asdads'\'',lastname:'\''aasds'\'',login:'\'' > Test123123'\'',password:'\''IAmComplex_@Testing1234'\'',right:['\''ADMIN > '\''],languageId:1,timeZoneId:'\''Pacific/Auckland'\''}"' \ > --form 'confirm="false"' > > > "IAmComplex_@Testing1234" is certainly a complex password. > > But the server reject it and in the log file it says: > [39mDEBUG [0;39m 01-26 03:32:59.119 [36mo.a.o.w.UserWebService:191 > [-nio-443-exec-5] [0;39m - addNewUser::weak password > 'IAmComplex_@Testing1234', msg: null > > Seems like msg is null but still the input is not valid, above log is from > here: > > https://github.com/apache/openmeetings/blob/master/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/UserWebService.java#L186 > > Looks strange to me. > > Sebastian Wagner > Director Arrakeen Solutions, OM-Hosting.com > http://arrakeen-solutions.co.nz/ > https://om-hosting.com - Cloud & Server Hosting for HTML5 > Video-Conferencing OpenMeetings > > <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url> > <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url> > > > On Tue, 26 Jan 2021 at 16:15, Maxim Solodovnik <[email protected]> > wrote: > >> The captcha was added because it's absence was reported as security >> vulnerability (you can check CVE at our security page ...) >> >> On Tue, 26 Jan 2021 at 10:05, [email protected] < >> [email protected]> >> wrote: >> >> > I can try with the API approach, it should be possible. It is just a bit >> > hacky. It would be easier to create a Selenium test that does both: >> > a) sign up >> > b) use that user to participate in a conference call >> > >> > I don't think the ability to turn off captcha would mean it's a security >> > risk >> > >> > Thanks >> > Seb >> > >> > Sebastian Wagner >> > Director Arrakeen Solutions, OM-Hosting.com >> > http://arrakeen-solutions.co.nz/ >> > https://om-hosting.com - Cloud & Server Hosting for HTML5 >> > Video-Conferencing OpenMeetings >> > < >> > >> https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url >> > > >> > < >> > >> https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url >> > > >> > >> > >> > On Tue, 26 Jan 2021 at 15:54, Maxim Solodovnik <[email protected]> >> > wrote: >> > >> > > I've added the comment: I'm -1 for this feature >> > > >> > > Registration is now covered with JUnit tests >> > > For performance testing you can >> > > 1) create users via API >> > > 2) create users directly in DB >> > > >> > > Users tend to turn off all security related "complications" just >> because >> > > some of their clients have some difficulties .... :( >> > > I'll plan to add customization options for captcha: i.e. admin can >> > specify >> > > "letter range" for captcha >> > > In such case you can specify [A,A] range ... :) >> > > >> > > On Tue, 26 Jan 2021 at 09:49, [email protected] < >> > [email protected] >> > > > >> > > wrote: >> > > >> > > > In order to do automated signup using Selenium. >> > > > That is both for testing, but in my case it is around performance >> and >> > > load >> > > > testing. >> > > > I created a ticket for now: >> > > > https://issues.apache.org/jira/browse/OPENMEETINGS-2560 and see how >> > > > difficult it would be to add this config. >> > > > >> > > > Thanks, >> > > > Seb >> > > > >> > > > Sebastian Wagner >> > > > Director Arrakeen Solutions, OM-Hosting.com >> > > > http://arrakeen-solutions.co.nz/ >> > > > https://om-hosting.com - Cloud & Server Hosting for HTML5 >> > > > Video-Conferencing OpenMeetings >> > > > < >> > > > >> > > >> > >> https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url >> > > > > >> > > > < >> > > > >> > > >> > >> https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url >> > > > > >> > > > >> > > > >> > > > On Tue, 26 Jan 2021 at 15:44, Maxim Solodovnik < >> [email protected]> >> > > > wrote: >> > > > >> > > > > Hello Sebastian, >> > > > > >> > > > > there is no such option ATM >> > > > > Why is it required for you? >> > > > > >> > > > > On Tue, 26 Jan 2021 at 05:17, [email protected] < >> > > > [email protected] >> > > > > > >> > > > > wrote: >> > > > > >> > > > > > Hi, >> > > > > > >> > > > > > is there a way to disable the need to enter a captcha during the >> > sign >> > > > up >> > > > > ? >> > > > > > >> > > > > > Thanks >> > > > > > Seb >> > > > > > >> > > > > > Sebastian Wagner >> > > > > > Director Arrakeen Solutions, OM-Hosting.com >> > > > > > http://arrakeen-solutions.co.nz/ >> > > > > > https://om-hosting.com - Cloud & Server Hosting for HTML5 >> > > > > > Video-Conferencing OpenMeetings >> > > > > > < >> > > > > > >> > > > > >> > > > >> > > >> > >> https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url >> > > > > > > >> > > > > > < >> > > > > > >> > > > > >> > > > >> > > >> > >> https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url >> > > > > > > >> > > > > > >> > > > > >> > > > > >> > > > > -- >> > > > > Best regards, >> > > > > Maxim >> > > > > >> > > > >> > > >> > > >> > > -- >> > > Best regards, >> > > Maxim >> > > >> > >> >> >> -- >> Best regards, >> Maxim >> >
