Hi Maxim,
Now it’s working correctly, but only in the same browser.
Multi-browser is broken because it depends on the IP sent, at least on my PC.
Edge is using an IPv6 IP:
DEBUG 05-30 10:44:54.710 MainService.java 45797 243
org.apache.openmeetings.core.remote.MainService [RTMPConnectionExecutor-1] -
swfURL fe80:0:0:0:f531:e3b2:fa22:1dc1%11
Chrome is using an IPv4 IP:
DEBUG 05-30 10:45:02.810 MainService.java 53897 243
org.apache.openmeetings.core.remote.MainService [RTMPConnectionExecutor-3] -
swfURL 172.17.0.27
This causes if (!soapLogin.getClientURL().equals(clientURL)) { in line 253
of MainService to return false
Pablo Vidal Figueiras
[email protected]
981926047
................................................................................
BALIDEA
Consulting & Programming
Avda. Finisterre, 281, 1º / 15008 A Coruña
Tel.: 981 93 78 76 / Fax: 981 93 78 21 /
[email protected] /
www.balidea.com
From: Maxim Solodovnik [[email protected]]
Sent: Friday, May 27, 2016 14:46
To: Openmeetings user-list <[email protected]>
CC: Bruno Rubio Gayo <[email protected]>
Subject: Re: SecureHash issue
multi-browser should work as expected (the only limitation is: client address
i.e. IP should be the same)
I have just committed an additional fix
revision 1745748+
to avoid session clean-up
should work better
On Thu, May 26, 2016 at 9:23 PM, Pablo Vidal Figueiras
<[email protected]> wrote:
Hi,
There are 2 new issues after updating the code:
• If the URL (i.e.
http://localhost:5080/openmeetings/?secureHash=5d0ab251-7265-4951-a90c-25ebc04c60f8)
is used in a navigator (i.e. IE11) and then it’s opened in a different navigator
(i.e. Chrome), a "This session hash has already been used [787]" error message is
shown.
• If the URL (i.e.
http://localhost:5080/openmeetings/?secureHash=5d0ab251-7265-4951-a90c-25ebc04c60f8)
is used in a navigator (i.e. IE11) and then it’s opened in the same navigator, then
it opens the room but the user list is empty
o http://imgur.com/3rii9tr
From: Maxim Solodovnik [[email protected]]
Sent: Thursday, May 26, 2016 14:34
To: Openmeetings user-list <[email protected]>
CC: Bruno Rubio Gayo <[email protected]>
Subject: Re: SecureHash issue
seems to be fixed
On Thu, May 26, 2016 at 6:33 PM, Pablo Vidal Figueiras
<[email protected]> wrote:
Thank you Maxim ;)
Pablo Vidal Figueiras
From: Maxim Solodovnik [[email protected]]
Sent: Thursday, May 26, 2016 14:30
To: Openmeetings user-list <[email protected]>
CC: Bruno Rubio Gayo <[email protected]>
Subject: Re: SecureHash issue
https://issues.apache.org/jira/browse/OPENMEETINGS-1411
On Thu, May 26, 2016 at 6:00 PM, Maxim Solodovnik
<[email protected]> wrote:
Hello Pablo,
secureHashes are mostly being used as one-time-hash, I'll check what is going
on in case "allowSameURLMultipleTimes" is set to true and will write back here
On Thu, May 26, 2016 at 4:57 PM, Pablo Vidal Figueiras
<[email protected]> wrote:
Hi,
I detected an issue related to the secureHash URL and indirectly to
allowSameURLMultipleTimes when it's set to true.
I'm using a 3.1.2 Snapshot version I downloaded on 5/5 from the svn branch and
disconnected from the apache svn, so I have no further updates
SecureHash url is created with an administrator user (swCetir in the case) for
an external user (moderator)
ExternalUserDTO Json in construction
properties.addProperty("login", 1111L);
properties.addProperty("firstname", "moderator");
properties.addProperty("lastname", "grabable");
properties.addProperty("propilePictureUrl", StringUtils.EMPTY);
properties.addProperty("email", "[email protected]");
properties.addProperty("externalId", 1111L);
properties.addProperty("externalType", "tipo_cetir");
RoomOptionsDTO Json in construction
properties.addProperty("roomId", 11L);
properties.addProperty("moderator", Boolean.TRUE);
properties.addProperty("showAudioVideoTest", Boolean.FALSE);
properties.addProperty("allowSameURLMultipleTimes", Boolean.TRUE);
properties.addProperty("recordingId", 11L);
properties.addProperty("showNickNameDialog", Boolean.FALSE);
properties.addProperty("allowRecording", Boolean.TRUE);
Resulting in an url like
"http://localhost:5080/openmeetings/?secureHash=dbc154dc-7bb4-4d2d-9993-d3f4e54fbe3f"
Now, the 1st time the url is called, the traces I added show the user used to
check permission is administrator user (swCetir)
DEBUG 05-26 10:33:10.095 MainService.java 311480 361
org.apache.openmeetings.core.remote.MainService [RTMPConnectionExecutor-1] -
users_id: 2
DEBUG 05-26 10:33:10.131 AuthLevelUtil.java 311516 65
org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] -
rights: Dashboard
DEBUG 05-26 10:33:10.146 AuthLevelUtil.java 311531 65
org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] -
rights: Soap
DEBUG 05-26 10:33:10.153 AuthLevelUtil.java 311538 65
org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] -
rights: Login
DEBUG 05-26 10:33:10.157 AuthLevelUtil.java 311542 65
org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] -
rights: Room
DEBUG 05-26 10:33:10.182 AuthLevelUtil.java 311567 36
org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] -
Level Soap :: [GRANTED]
On the 2nd and subsequent tries, it uses the external user (moderator)
DEBUG 05-26 10:33:29.290 MainService.java 330675 361
org.apache.openmeetings.core.remote.MainService [RTMPConnectionExecutor-2] -
users_id: 3
DEBUG 05-26 10:33:29.315 AuthLevelUtil.java 330700 65
org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] -
rights: Dashboard
DEBUG 05-26 10:33:29.319 AuthLevelUtil.java 330704 65
org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] -
rights: Login
DEBUG 05-26 10:33:29.331 AuthLevelUtil.java 330716 65
org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] -
rights: Room
DEBUG 05-26 10:33:29.342 AuthLevelUtil.java 330727 36
org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] -
Level Soap :: [DENIED]
Resulting in a popup error: "Unknown error. Please report this to the
administrator. [334]"
If allowSameURLMultipleTimes is set to false, the error shown is: "This session
hash has already been used [787]", but it still checks the rights of the
administrator user
Best regards.
Pablo Vidal Figueiras
________________________________
Before printing this message, make sure it is really necessary.
Legal Notice: The information contained in this message and its possible
attachments are private and confidential and is intended solely for the
addressee shown. If you are not the intended recipient of this message, please
delete it. Any use of this message or its attachments without permission is
prohibited by law.
--
WBR
Maxim aka solomax
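
Added example, not part of the original thread or of the OpenMeetings code: a small triage script that reads the two swfURL trace lines quoted above and shows why a secureHash bound to the first client address is refused for the second. It assumes the traced swfURL value is the client address the check compares; the function names are hypothetical, and the "same address, different text form" case goes beyond what the thread reports.

```python
import ipaddress
import re

# The two debug lines from the thread, with the wrapped lines joined.
THREAD_LOG = (
    "DEBUG 05-30 10:44:54.710 MainService.java 45797 243 "
    "org.apache.openmeetings.core.remote.MainService [RTMPConnectionExecutor-1] - "
    "swfURL fe80:0:0:0:f531:e3b2:fa22:1dc1%11\n"
    "DEBUG 05-30 10:45:02.810 MainService.java 53897 243 "
    "org.apache.openmeetings.core.remote.MainService [RTMPConnectionExecutor-3] - "
    "swfURL 172.17.0.27\n"
)
TRACE = re.compile(r"\[(?P<thread>[^\]]+)\] - swfURL (?P<addr>\S+)")


def client_addresses(log_text):
    """Return (thread, raw address) for every swfURL trace line."""
    return [(m["thread"], m["addr"]) for m in TRACE.finditer(log_text)]


def describe(raw):
    """Split off an IPv6 zone id (%11) and canonicalise the address."""
    host, _, zone = raw.partition("%")
    ip = ipaddress.ip_address(host)
    return {"canonical": str(ip), "version": ip.version,
            "zone": zone or None, "link_local": ip.is_link_local}


def compare(recorded, current):
    """Say why a hash bound to `recorded` does or does not match `current`."""
    if recorded == current:
        return "match"
    a, b = describe(recorded), describe(current)
    if a["canonical"] == b["canonical"]:
        return "same address, different text form"
    if a["version"] != b["version"]:
        return "different address family"
    return "different address"


def audit(log_text):
    """Treat the first traced address as the one the hash was bound to."""
    seen = client_addresses(log_text)
    (_, recorded), later = seen[0], seen[1:]
    return [(thread, addr, compare(recorded, addr)) for thread, addr in later]


if __name__ == "__main__":
    for row in audit(THREAD_LOG):
        print(row)
```

Edge's value is a link-local IPv6 address with a zone id and Chrome's is an IPv4 address, so no normalisation of the strings can make the two compare equal.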