Your issue with add user is most probably caused by the request you are sending (I guess password is treated as NULL)
here is the example of valid request Address: http://localhost:46325/openmeetings/services/user/?sid=5538950f-74f3-4ba2-ad29-b1309bac1cf7 HttpMethod: POST Content-Type: application/x-www-form-urlencoded ExchangeId: 39d80bfb-778f-456e-ba6a-cbecc9208a01 Headers: {Accept=application/json, host=localhost:46325, connection=keep-alive, content-type=application/x-www-form-urlencoded, cache-control=no-cache, Content-Length=552, pragma=no-cache, user-agent=Apache-CXF/3.4.1} Payload: user=%7B%22address%22%3A%7B%22deleted%22%3Afalse%2C%22email%22%3A%22email89749faf-8fc0-43d7-a372-46caed5ce271%40local%22%7D%2C%22firstname%22%3A%22firstname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22languageId%22%3A1%2C%22lastname%22%3A%22lastname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22login%22%3A%22login89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22password%22%3A%22pass1_%21%40%23%24%25_A%22%2C%22rights%22%3A%5B%22LOGIN%22%2C%22ROOM%22%2C%22DASHBOARD%22%5D%2C%22timeZoneId%22%3A%22Asia%2FBangkok%22%2C%22type%22%3A%22USER%22%7D&confirm=false can always be checked on build server: https://ci-builds.apache.org/job/OpenMeetings/job/openmeetings/230/consoleFull I'm planning to improve captcha as described in this thread: https://markmail.org/message/bmp6tq3t5j6rw2rz particularly, modify language.xml, add following attributes: 1) 'tip' - short text describing this captcha for ex. "Enter uppercase English letters" 2) 'rangeStart' - initial letter/code of possible captcha characters 3) 'rangeEnd' - final letter/code of possible captcha characters processing for above Will try to implement it this week On Tue, 26 Jan 2021 at 11:26, [email protected] <[email protected]> wrote: > Also the parameter "confirm" doesn't seem to have any meaning. It's not > referenced in the rest of the code. > > Maybe I will change my Jira to fix some of this instead of disabling > captcha. > > Thanks > Seb > > Sebastian Wagner > Director Arrakeen Solutions, OM-Hosting.com > http://arrakeen-solutions.co.nz/ > https://om-hosting.com - Cloud & Server Hosting for HTML5 > Video-Conferencing OpenMeetings > < > https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url > > > < > https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url > > > > > On Tue, 26 Jan 2021 at 17:21, [email protected] <[email protected] > > > wrote: > > > That doesn't mean that you shall not be able to disable it by admin > > configuration parameters. > > > > Btw I tried the soap/Rest service for adding users. but for some reason > it > > does not accept even the most complex password. > > > > curl --location --request POST ' > > > https://my-server.xyz/openmeetings/services/user/?sid=b20c5012-3c94-4e7a-bc6a-61f8cced3150 > > ' \ > > --header 'Content-Type: application/json' \ > > --header 'Cookie: JSESSIONID=866564BDD7D8562C9B8CD1B94621AB43' \ > > --form 'user="{firstname:'\''asdads'\'',lastname:'\''aasds'\'',login:'\'' > > Test123123'\'',password:'\''IAmComplex_@Testing1234'\'',right:['\''ADMIN > > '\''],languageId:1,timeZoneId:'\''Pacific/Auckland'\''}"' \ > > --form 'confirm="false"' > > > > > > "IAmComplex_@Testing1234" is certainly a complex password. > > > > But the server reject it and in the log file it says: > > [39mDEBUG [0;39m 01-26 03:32:59.119 [36mo.a.o.w.UserWebService:191 > > [-nio-443-exec-5] [0;39m - addNewUser::weak password > > 'IAmComplex_@Testing1234', msg: null > > > > Seems like msg is null but still the input is not valid, above log is > from > > here: > > > > > https://github.com/apache/openmeetings/blob/master/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/UserWebService.java#L186 > > > > Looks strange to me. > > > > Sebastian Wagner > > Director Arrakeen Solutions, OM-Hosting.com > > http://arrakeen-solutions.co.nz/ > > https://om-hosting.com - Cloud & Server Hosting for HTML5 > > Video-Conferencing OpenMeetings > > > > < > https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url > > > > < > https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url > > > > > > > > On Tue, 26 Jan 2021 at 16:15, Maxim Solodovnik <[email protected]> > > wrote: > > > >> The captcha was added because it's absence was reported as security > >> vulnerability (you can check CVE at our security page ...) > >> > >> On Tue, 26 Jan 2021 at 10:05, [email protected] < > >> [email protected]> > >> wrote: > >> > >> > I can try with the API approach, it should be possible. It is just a > bit > >> > hacky. It would be easier to create a Selenium test that does both: > >> > a) sign up > >> > b) use that user to participate in a conference call > >> > > >> > I don't think the ability to turn off captcha would mean it's a > security > >> > risk > >> > > >> > Thanks > >> > Seb > >> > > >> > Sebastian Wagner > >> > Director Arrakeen Solutions, OM-Hosting.com > >> > http://arrakeen-solutions.co.nz/ > >> > https://om-hosting.com - Cloud & Server Hosting for HTML5 > >> > Video-Conferencing OpenMeetings > >> > < > >> > > >> > https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url > >> > > > >> > < > >> > > >> > https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url > >> > > > >> > > >> > > >> > On Tue, 26 Jan 2021 at 15:54, Maxim Solodovnik <[email protected]> > >> > wrote: > >> > > >> > > I've added the comment: I'm -1 for this feature > >> > > > >> > > Registration is now covered with JUnit tests > >> > > For performance testing you can > >> > > 1) create users via API > >> > > 2) create users directly in DB > >> > > > >> > > Users tend to turn off all security related "complications" just > >> because > >> > > some of their clients have some difficulties .... :( > >> > > I'll plan to add customization options for captcha: i.e. admin can > >> > specify > >> > > "letter range" for captcha > >> > > In such case you can specify [A,A] range ... :) > >> > > > >> > > On Tue, 26 Jan 2021 at 09:49, [email protected] < > >> > [email protected] > >> > > > > >> > > wrote: > >> > > > >> > > > In order to do automated signup using Selenium. > >> > > > That is both for testing, but in my case it is around performance > >> and > >> > > load > >> > > > testing. > >> > > > I created a ticket for now: > >> > > > https://issues.apache.org/jira/browse/OPENMEETINGS-2560 and see > how > >> > > > difficult it would be to add this config. > >> > > > > >> > > > Thanks, > >> > > > Seb > >> > > > > >> > > > Sebastian Wagner > >> > > > Director Arrakeen Solutions, OM-Hosting.com > >> > > > http://arrakeen-solutions.co.nz/ > >> > > > https://om-hosting.com - Cloud & Server Hosting for HTML5 > >> > > > Video-Conferencing OpenMeetings > >> > > > < > >> > > > > >> > > > >> > > >> > https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url > >> > > > > > >> > > > < > >> > > > > >> > > > >> > > >> > https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url > >> > > > > > >> > > > > >> > > > > >> > > > On Tue, 26 Jan 2021 at 15:44, Maxim Solodovnik < > >> [email protected]> > >> > > > wrote: > >> > > > > >> > > > > Hello Sebastian, > >> > > > > > >> > > > > there is no such option ATM > >> > > > > Why is it required for you? > >> > > > > > >> > > > > On Tue, 26 Jan 2021 at 05:17, [email protected] < > >> > > > [email protected] > >> > > > > > > >> > > > > wrote: > >> > > > > > >> > > > > > Hi, > >> > > > > > > >> > > > > > is there a way to disable the need to enter a captcha during > the > >> > sign > >> > > > up > >> > > > > ? > >> > > > > > > >> > > > > > Thanks > >> > > > > > Seb > >> > > > > > > >> > > > > > Sebastian Wagner > >> > > > > > Director Arrakeen Solutions, OM-Hosting.com > >> > > > > > http://arrakeen-solutions.co.nz/ > >> > > > > > https://om-hosting.com - Cloud & Server Hosting for HTML5 > >> > > > > > Video-Conferencing OpenMeetings > >> > > > > > < > >> > > > > > > >> > > > > > >> > > > > >> > > > >> > > >> > https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url > >> > > > > > > > >> > > > > > < > >> > > > > > > >> > > > > > >> > > > > >> > > > >> > > >> > https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url > >> > > > > > > > >> > > > > > > >> > > > > > >> > > > > > >> > > > > -- > >> > > > > Best regards, > >> > > > > Maxim > >> > > > > > >> > > > > >> > > > >> > > > >> > > -- > >> > > Best regards, > >> > > Maxim > >> > > > >> > > >> > >> > >> -- > >> Best regards, > >> Maxim > >> > > > -- Best regards, Maxim
