The log debug message clearly shows the actual password on the server side. It logs the actual password on server side.
Anyway I will try again with debugger turned on. Thanks Seb On Tue, 26 Jan 2021 at 6:50 PM, Maxim Solodovnik <[email protected]> wrote: > Your issue with add user is most probably caused by the request you are > sending (I guess password is treated as NULL) > > here is the example of valid request > > Address: > http://localhost:46325/openmeetings/services/user/?sid=5538950f-74f3-4ba2-ad29-b1309bac1cf7 > HttpMethod: POST > Content-Type: application/x-www-form-urlencoded > ExchangeId: 39d80bfb-778f-456e-ba6a-cbecc9208a01 > Headers: {Accept=application/json, host=localhost:46325, > connection=keep-alive, content-type=application/x-www-form-urlencoded, > cache-control=no-cache, Content-Length=552, pragma=no-cache, > user-agent=Apache-CXF/3.4.1} > Payload: > user=%7B%22address%22%3A%7B%22deleted%22%3Afalse%2C%22email%22%3A%22email89749faf-8fc0-43d7-a372-46caed5ce271%40local%22%7D%2C%22firstname%22%3A%22firstname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22languageId%22%3A1%2C%22lastname%22%3A%22lastname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22login%22%3A%22login89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22password%22%3A%22pass1_%21%40%23%24%25_A%22%2C%22rights%22%3A%5B%22LOGIN%22%2C%22ROOM%22%2C%22DASHBOARD%22%5D%2C%22timeZoneId%22%3A%22Asia%2FBangkok%22%2C%22type%22%3A%22USER%22%7D&confirm=false > > > can always be checked on build server: > > https://ci-builds.apache.org/job/OpenMeetings/job/openmeetings/230/consoleFull > > I'm planning to improve captcha as described in this thread: > https://markmail.org/message/bmp6tq3t5j6rw2rz > > particularly, modify language.xml, add following attributes: > 1) 'tip' - short text describing this captcha for ex. "Enter uppercase > English letters" > 2) 'rangeStart' - initial letter/code of possible captcha characters > 3) 'rangeEnd' - final letter/code of possible captcha characters > > processing for above > > Will try to implement it this week > > On Tue, 26 Jan 2021 at 11:26, [email protected] <[email protected] > > > wrote: > > > Also the parameter "confirm" doesn't seem to have any meaning. It's not > > referenced in the rest of the code. > > > > Maybe I will change my Jira to fix some of this instead of disabling > > captcha. > > > > Thanks > > Seb > > > > Sebastian Wagner > > Director Arrakeen Solutions, OM-Hosting.com > > http://arrakeen-solutions.co.nz/ > > https://om-hosting.com - Cloud & Server Hosting for HTML5 > > Video-Conferencing OpenMeetings > > < > > > https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url > > > > > < > > > https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url > > > > > > > > > On Tue, 26 Jan 2021 at 17:21, [email protected] < > [email protected] > > > > > wrote: > > > > > That doesn't mean that you shall not be able to disable it by admin > > > configuration parameters. > > > > > > Btw I tried the soap/Rest service for adding users. but for some reason > > it > > > does not accept even the most complex password. > > > > > > curl --location --request POST ' > > > > > > https://my-server.xyz/openmeetings/services/user/?sid=b20c5012-3c94-4e7a-bc6a-61f8cced3150 > > > ' \ > > > --header 'Content-Type: application/json' \ > > > --header 'Cookie: JSESSIONID=866564BDD7D8562C9B8CD1B94621AB43' \ > > > --form > 'user="{firstname:'\''asdads'\'',lastname:'\''aasds'\'',login:'\'' > > > Test123123'\'',password:'\''IAmComplex_@Testing1234 > '\'',right:['\''ADMIN > > > '\''],languageId:1,timeZoneId:'\''Pacific/Auckland'\''}"' \ > > > --form 'confirm="false"' > > > > > > > > > "IAmComplex_@Testing1234" is certainly a complex password. > > > > > > But the server reject it and in the log file it says: > > > [39mDEBUG [0;39m 01-26 03:32:59.119 [36mo.a.o.w.UserWebService:191 > > > [-nio-443-exec-5] [0;39m - addNewUser::weak password > > > 'IAmComplex_@Testing1234', msg: null > > > > > > Seems like msg is null but still the input is not valid, above log is > > from > > > here: > > > > > > > > > https://github.com/apache/openmeetings/blob/master/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/UserWebService.java#L186 > > > > > > Looks strange to me. > > > > > > Sebastian Wagner > > > Director Arrakeen Solutions, OM-Hosting.com > > > http://arrakeen-solutions.co.nz/ > > > https://om-hosting.com - Cloud & Server Hosting for HTML5 > > > Video-Conferencing OpenMeetings > > > > > > < > > > https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url > > > > > > < > > > https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url > > > > > > > > > > > > On Tue, 26 Jan 2021 at 16:15, Maxim Solodovnik <[email protected]> > > > wrote: > > > > > >> The captcha was added because it's absence was reported as security > > >> vulnerability (you can check CVE at our security page ...) > > >> > > >> On Tue, 26 Jan 2021 at 10:05, [email protected] < > > >> [email protected]> > > >> wrote: > > >> > > >> > I can try with the API approach, it should be possible. It is just a > > bit > > >> > hacky. It would be easier to create a Selenium test that does both: > > >> > a) sign up > > >> > b) use that user to participate in a conference call > > >> > > > >> > I don't think the ability to turn off captcha would mean it's a > > security > > >> > risk > > >> > > > >> > Thanks > > >> > Seb > > >> > > > >> > Sebastian Wagner > > >> > Director Arrakeen Solutions, OM-Hosting.com > > >> > http://arrakeen-solutions.co.nz/ > > >> > https://om-hosting.com - Cloud & Server Hosting for HTML5 > > >> > Video-Conferencing OpenMeetings > > >> > < > > >> > > > >> > > > https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url > > >> > > > > >> > < > > >> > > > >> > > > https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url > > >> > > > > >> > > > >> > > > >> > On Tue, 26 Jan 2021 at 15:54, Maxim Solodovnik < > [email protected]> > > >> > wrote: > > >> > > > >> > > I've added the comment: I'm -1 for this feature > > >> > > > > >> > > Registration is now covered with JUnit tests > > >> > > For performance testing you can > > >> > > 1) create users via API > > >> > > 2) create users directly in DB > > >> > > > > >> > > Users tend to turn off all security related "complications" just > > >> because > > >> > > some of their clients have some difficulties .... :( > > >> > > I'll plan to add customization options for captcha: i.e. admin can > > >> > specify > > >> > > "letter range" for captcha > > >> > > In such case you can specify [A,A] range ... :) > > >> > > > > >> > > On Tue, 26 Jan 2021 at 09:49, [email protected] < > > >> > [email protected] > > >> > > > > > >> > > wrote: > > >> > > > > >> > > > In order to do automated signup using Selenium. > > >> > > > That is both for testing, but in my case it is around > performance > > >> and > > >> > > load > > >> > > > testing. > > >> > > > I created a ticket for now: > > >> > > > https://issues.apache.org/jira/browse/OPENMEETINGS-2560 and see > > how > > >> > > > difficult it would be to add this config. > > >> > > > > > >> > > > Thanks, > > >> > > > Seb > > >> > > > > > >> > > > Sebastian Wagner > > >> > > > Director Arrakeen Solutions, OM-Hosting.com > > >> > > > http://arrakeen-solutions.co.nz/ > > >> > > > https://om-hosting.com - Cloud & Server Hosting for HTML5 > > >> > > > Video-Conferencing OpenMeetings > > >> > > > < > > >> > > > > > >> > > > > >> > > > >> > > > https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url > > >> > > > > > > >> > > > < > > >> > > > > > >> > > > > >> > > > >> > > > https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url > > >> > > > > > > >> > > > > > >> > > > > > >> > > > On Tue, 26 Jan 2021 at 15:44, Maxim Solodovnik < > > >> [email protected]> > > >> > > > wrote: > > >> > > > > > >> > > > > Hello Sebastian, > > >> > > > > > > >> > > > > there is no such option ATM > > >> > > > > Why is it required for you? > > >> > > > > > > >> > > > > On Tue, 26 Jan 2021 at 05:17, [email protected] < > > >> > > > [email protected] > > >> > > > > > > > >> > > > > wrote: > > >> > > > > > > >> > > > > > Hi, > > >> > > > > > > > >> > > > > > is there a way to disable the need to enter a captcha during > > the > > >> > sign > > >> > > > up > > >> > > > > ? > > >> > > > > > > > >> > > > > > Thanks > > >> > > > > > Seb > > >> > > > > > > > >> > > > > > Sebastian Wagner > > >> > > > > > Director Arrakeen Solutions, OM-Hosting.com > > >> > > > > > http://arrakeen-solutions.co.nz/ > > >> > > > > > https://om-hosting.com - Cloud & Server Hosting for HTML5 > > >> > > > > > Video-Conferencing OpenMeetings > > >> > > > > > < > > >> > > > > > > > >> > > > > > > >> > > > > > >> > > > > >> > > > >> > > > https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url > > >> > > > > > > > > >> > > > > > < > > >> > > > > > > > >> > > > > > > >> > > > > > >> > > > > >> > > > >> > > > https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url > > >> > > > > > > > > >> > > > > > > > >> > > > > > > >> > > > > > > >> > > > > -- > > >> > > > > Best regards, > > >> > > > > Maxim > > >> > > > > > > >> > > > > > >> > > > > >> > > > > >> > > -- > > >> > > Best regards, > > >> > > Maxim > > >> > > > > >> > > > >> > > >> > > >> -- > > >> Best regards, > > >> Maxim > > >> > > > > > > > > -- > Best regards, > Maxim > -- Sebastian Wagner Director Arrakeen Solutions, OM-Hosting.com http://arrakeen-solutions.co.nz/ https://om-hosting.com - Cloud & Server Hosting for HTML5 Video-Conferencing OpenMeetings <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
