BigBlueButton/bigbluebutton-Github
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #6288 from bigbluebutton/fix-enter-api-session

Browse Source 
Lock enter and stuns to valid session+token
This commit is contained in:
Anton Georgiev 2018-11-22 17:54:27 -02:00 committed by GitHub
commit 37a34490f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy
View File

@ -1420,10 +1420,12 @@ class ApiController {
UserSession userSession = null;
String respMessage = "Session " + sessionToken + " not found."
if (meetingService.getUserSessionWithAuthToken(sessionToken) == null) {
if (!session[sessionToken]) {
reject = true;
} else if (meetingService.getUserSessionWithAuthToken(sessionToken) == null) {
reject = true;
respMessage = "Session " + sessionToken + " not found."
} else {
} else {
us = meetingService.getUserSessionWithAuthToken(sessionToken);
meeting = meetingService.getMeeting(us.meetingID);
if (meeting == null || meeting.isForciblyEnded()) {
@ -1560,7 +1562,9 @@ class ApiController {
println("Session token = [" + sessionToken + "]")
}
if (meetingService.getUserSessionWithAuthToken(sessionToken) == null)
if (!session[sessionToken]) {
reject = true;
} else if (meetingService.getUserSessionWithAuthToken(sessionToken) == null)
reject = true;
else {
us = meetingService.getUserSessionWithAuthToken(sessionToken);