That is a very nifty subset of rules. Let me try that again. Would be good to log the actual error instead of the password. And/or return it in the API response.

Currently all those calls just return error 500 without any indication or msg as to why it failed. Mostly because the ‘ServiceException’ is not part of the method signature. So neither cxf nor jax-rs can map it to a response body. But if you look at the msg in the log it actually says ‘null’. So even if the service could map ServiceException to a response body, it would just contain an empty message.

Thanks
Sebastian

On Tue, 26 Jan 2021 at 7:51 PM, Maxim Solodovnik <[email protected]> wrote:

> On Tue, 26 Jan 2021 at 13:45, [email protected] <[email protected]> wrote:
>
> > The log debug message clearly shows the actual password on the server side.
> > It logs the actual password on server side.
>
> yep
> my bad
> your password contains login
> which is violation ...
>
> > Anyway I will try again with debugger turned on.
> >
> > Thanks
> > Seb
> >
> > On Tue, 26 Jan 2021 at 6:50 PM, Maxim Solodovnik <[email protected]> wrote:
> >
> > > Your issue with add user is most probably caused by the request you are
> > > sending (I guess password is treated as NULL)
> > >
> > > here is the example of valid request
> > >
> > > Address: http://localhost:46325/openmeetings/services/user/?sid=5538950f-74f3-4ba2-ad29-b1309bac1cf7
> > > HttpMethod: POST
> > > Content-Type: application/x-www-form-urlencoded
> > > ExchangeId: 39d80bfb-778f-456e-ba6a-cbecc9208a01
> > > Headers: {Accept=application/json, host=localhost:46325, connection=keep-alive, content-type=application/x-www-form-urlencoded, cache-control=no-cache, Content-Length=552, pragma=no-cache, user-agent=Apache-CXF/3.4.1}
> > > Payload:
> > > user=%7B%22address%22%3A%7B%22deleted%22%3Afalse%2C%22email%22%3A%22email89749faf-8fc0-43d7-a372-46caed5ce271%40local%22%7D%2C%22firstname%22%3A%22firstname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22languageId%22%3A1%2C%22lastname%22%3A%22lastname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22login%22%3A%22login89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22password%22%3A%22pass1_%21%40%23%24%25_A%22%2C%22rights%22%3A%5B%22LOGIN%22%2C%22ROOM%22%2C%22DASHBOARD%22%5D%2C%22timeZoneId%22%3A%22Asia%2FBangkok%22%2C%22type%22%3A%22USER%22%7D&confirm=false
> > >
> > > can always be checked on build server:
> > > https://ci-builds.apache.org/job/OpenMeetings/job/openmeetings/230/consoleFull
> > >
> > > I'm planning to improve captcha as described in this thread:
> > > https://markmail.org/message/bmp6tq3t5j6rw2rz
> > >
> > > particularly, modify language.xml, add following attributes:
> > > 1) 'tip' - short text describing this captcha for ex. "Enter uppercase English letters"
> > > 2) 'rangeStart' - initial letter/code of possible captcha characters
> > > 3) 'rangeEnd' - final letter/code of possible captcha characters
> > >
> > > processing for above
> > >
> > > Will try to implement it this week
> > >
> > > On Tue, 26 Jan 2021 at 11:26, [email protected] <[email protected]> wrote:
> > >
> > > > Also the parameter "confirm" doesn't seem to have any meaning. It's not
> > > > referenced in the rest of the code.
> > > >
> > > > Maybe I will change my Jira to fix some of this instead of disabling
> > > > captcha.
> > > >
> > > > Thanks
> > > > Seb
> > > >
> > > > Sebastian Wagner
> > > > Director Arrakeen Solutions, OM-Hosting.com
> > > > http://arrakeen-solutions.co.nz/
> > > > https://om-hosting.com - Cloud & Server Hosting for HTML5
> > > > Video-Conferencing OpenMeetings
> > > > <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
> > > > <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
> > > >
> > > > On Tue, 26 Jan 2021 at 17:21, [email protected] <[email protected]> wrote:
> > > >
> > > > > That doesn't mean that you shall not be able to disable it by admin
> > > > > configuration parameters.
> > > > >
> > > > > Btw I tried the soap/Rest service for adding users. but for some reason it
> > > > > does not accept even the most complex password.
> > > > >
> > > > > curl --location --request POST 'https://my-server.xyz/openmeetings/services/user/?sid=b20c5012-3c94-4e7a-bc6a-61f8cced3150' \
> > > > > --header 'Content-Type: application/json' \
> > > > > --header 'Cookie: JSESSIONID=866564BDD7D8562C9B8CD1B94621AB43' \
> > > > > --form 'user="{firstname:'\''asdads'\'',lastname:'\''aasds'\'',login:'\''Test123123'\'',password:'\''IAmComplex_@Testing1234'\'',right:['\''ADMIN'\''],languageId:1,timeZoneId:'\''Pacific/Auckland'\''}"' \
> > > > > --form 'confirm="false"'
> > > > >
> > > > > "IAmComplex_@Testing1234" is certainly a complex password.
> > > > >
> > > > > But the server rejects it and in the log file it says:
> > > > > DEBUG 01-26 03:32:59.119 o.a.o.w.UserWebService:191 [-nio-443-exec-5] - addNewUser::weak password 'IAmComplex_@Testing1234', msg: null
> > > > >
> > > > > Seems like msg is null but still the input is not valid, above log is from
> > > > > here:
> > > > >
> > > > > https://github.com/apache/openmeetings/blob/master/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/UserWebService.java#L186
> > > > >
> > > > > Looks strange to me.
> > > > >
> > > > > On Tue, 26 Jan 2021 at 16:15, Maxim Solodovnik <[email protected]> wrote:
> > > > >
> > > > > > The captcha was added because its absence was reported as security
> > > > > > vulnerability (you can check CVE at our security page ...)
> > > > > >
> > > > > > On Tue, 26 Jan 2021 at 10:05, [email protected] <[email protected]> wrote:
> > > > > >
> > > > > > > I can try with the API approach, it should be possible. It is just a bit
> > > > > > > hacky.
> > > > > > > It would be easier to create a Selenium test that does both:
> > > > > > > a) sign up
> > > > > > > b) use that user to participate in a conference call
> > > > > > >
> > > > > > > I don't think the ability to turn off captcha would mean it's a security
> > > > > > > risk
> > > > > > >
> > > > > > > Thanks
> > > > > > > Seb
> > > > > > >
> > > > > > > On Tue, 26 Jan 2021 at 15:54, Maxim Solodovnik <[email protected]> wrote:
> > > > > > >
> > > > > > > > I've added the comment: I'm -1 for this feature
> > > > > > > >
> > > > > > > > Registration is now covered with JUnit tests
> > > > > > > > For performance testing you can
> > > > > > > > 1) create users via API
> > > > > > > > 2) create users directly in DB
> > > > > > > >
> > > > > > > > Users tend to turn off all security related "complications" just because
> > > > > > > > some of their clients have some difficulties .... :(
> > > > > > > > I'll plan to add customization options for captcha: i.e. admin can specify
> > > > > > > > "letter range" for captcha
> > > > > > > > In such case you can specify [A,A] range ... :)
> > > > > > > >
> > > > > > > > On Tue, 26 Jan 2021 at 09:49, [email protected] <[email protected]> wrote:
> > > > > > > >
> > > > > > > > > In order to do automated signup using Selenium.
> > > > > > > > > That is both for testing, but in my case it is around performance and load
> > > > > > > > > testing.
> > > > > > > > > I created a ticket for now:
> > > > > > > > > https://issues.apache.org/jira/browse/OPENMEETINGS-2560 and see how
> > > > > > > > > difficult it would be to add this config.
> > > > > > > > >
> > > > > > > > > Thanks,
> > > > > > > > > Seb
> > > > > > > > >
> > > > > > > > > On Tue, 26 Jan 2021 at 15:44, Maxim Solodovnik <[email protected]> wrote:
> > > > > > > > >
> > > > > > > > > > Hello Sebastian,
> > > > > > > > > >
> > > > > > > > > > there is no such option ATM
> > > > > > > > > > Why is it required for you?
> > > > > > > > > >
> > > > > > > > > > On Tue, 26 Jan 2021 at 05:17, [email protected] <[email protected]> wrote:
> > > > > > > > > >
> > > > > > > > > > > Hi,
> > > > > > > > > > >
> > > > > > > > > > > is there a way to disable the need to enter a captcha during the sign up?
> > > > > > > > > > >
> > > > > > > > > > > Thanks
> > > > > > > > > > > Seb
> > > > > > > > > >
> > > > > > > > > > --
> > > > > > > > > > Best regards,
> > > > > > > > > > Maxim
> > > > > > > >
> > > > > > > > --
> > > > > > > > Best regards,
> > > > > > > > Maxim
> > > > > >
> > > > > > --
> > > > > > Best regards,
> > > > > > Maxim
> > >
> > > --
> > > Best regards,
> > > Maxim
>
> --
> Best regards,
> Maxim

--
Sebastian Wagner
Director Arrakeen Solutions, OM-Hosting.com
http://arrakeen-solutions.co.nz/
https://om-hosting.com - Cloud & Server Hosting for HTML5
Video-Conferencing OpenMeetings
<https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
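
Added example (not part of the original thread and not OpenMeetings code): one way to do what the top message asks for, naming the violated rule in the log and in the response body while keeping the password out of both. The class, the `ApiResponse` record, the rule codes, the 400 status and the minimum length are assumptions; only the "password contains login" rule comes from the thread.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.logging.Logger;

public class AddUserErrorDemo {
    private static final Logger LOG = Logger.getLogger("AddUserErrorDemo");

    /** Hypothetical response type: HTTP status plus a JSON body the caller can act on. */
    record ApiResponse(int status, String body) {}

    /** Returns the code of every violated rule; an empty list means the password is accepted. */
    static List<String> violations(String login, String password) {
        List<String> out = new ArrayList<>();
        if (password == null || password.length() < 8) {
            out.add("TOO_SHORT"); // assumed minimum length, not taken from the thread
        }
        if (password != null && login != null && !login.isEmpty()
                && password.toLowerCase(Locale.ROOT).contains(login.toLowerCase(Locale.ROOT))) {
            out.add("CONTAINS_LOGIN"); // the rule named in the thread
        }
        return out;
    }

    /** Rejects with the violated rules; the password never reaches the log or the response. */
    static ApiResponse addUser(String login, String password) {
        List<String> failed = violations(login, password);
        if (failed.isEmpty()) {
            return new ApiResponse(200, "{\"type\":\"SUCCESS\"}");
        }
        // The login is caller-controlled: strip line breaks so it cannot forge log entries.
        String safeLogin = login == null ? "" : login.replaceAll("[\\r\\n]", "_");
        LOG.warning("addNewUser rejected for login '" + safeLogin + "', rules: " + failed);
        return new ApiResponse(400,
                "{\"type\":\"ERROR\",\"violations\":[\"" + String.join("\",\"", failed) + "\"]}");
    }

    public static void main(String[] args) {
        // Constructed sample input: the first password embeds the login, the second does not.
        ApiResponse rejected = addUser("seb", "Seb_Complex#2021");
        System.out.println(rejected.status() + " " + rejected.body());
        ApiResponse accepted = addUser("seb", "IAm_Complex#2021");
        System.out.println(accepted.status() + " " + accepted.body());
    }
}
```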
