Added new constraint to join request to validate passwords

paultrudel 2021-12-06 13:29:44 -05:00
parent 3998b6e736
commit 6213e4badd
8 changed files with 129 additions and 30 deletions


@ -0,0 +1,22 @@
package org.bigbluebutton.api.model.constraint;
import org.bigbluebutton.api.model.validator.JoinPasswordValidator;
import javax.validation.Constraint;
import javax.validation.Payload;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import static java.lang.annotation.ElementType.TYPE;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
@Constraint(validatedBy = JoinPasswordValidator.class)
@Target(TYPE)
@Retention(RUNTIME)
public @interface JoinPasswordConstraint {
String key() default "invalidPassword";
String message() default "The provided password is neither a moderator or attendee password";
Class<?>[] groups() default {};
Class<? extends Payload>[] payload() default {};
}
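Review bot: The default `message()` reads "neither a moderator or attendee password"; this text is presumably returned to API clients and should read `"The provided password is neither a moderator nor an attendee password"`. The annotation also has no Javadoc. A short one stating that this is a class-level constraint (`@Target(TYPE)`) evaluated by `JoinPasswordValidator` against a meeting ID and password pair would tell the next reader why it cannot be placed on a single field.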


@ -6,6 +6,7 @@ import org.bigbluebutton.api.model.constraint.NotEmpty;
import org.bigbluebutton.api.model.constraint.PasswordConstraint;
import org.bigbluebutton.api.model.shared.Checksum;
import org.bigbluebutton.api.model.shared.ModeratorPassword;
import org.bigbluebutton.api.model.shared.Password;
import javax.validation.Valid;
import java.util.Map;
@ -32,7 +33,7 @@ public class EndMeeting extends RequestWithChecksum<EndMeeting.Params> {
private String password;
@Valid
private ModeratorPassword moderatorPassword;
private Password moderatorPassword;
public EndMeeting(Checksum checksum) {
super(checksum);
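Review bot: Declaring `moderatorPassword` as the abstract `Password` removes the compile-time guarantee that an end-meeting request is checked against the moderator constraint. `@Valid` cascades on the runtime type, so an instance of another subclass would validate here, and `JoinPassword`, added in this commit, also accepts the attendee password. The assignment is outside this hunk and cannot be confirmed from here, but keeping `private ModeratorPassword moderatorPassword;` lets the compiler enforce the intent. The same applies to the `joinPassword` field in `JoinMeeting`, which could be declared `private JoinPassword joinPassword;`.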


@ -2,7 +2,10 @@ package org.bigbluebutton.api.model.request;
import org.bigbluebutton.api.model.constraint.*;
import org.bigbluebutton.api.model.shared.Checksum;
import org.bigbluebutton.api.model.shared.JoinPassword;
import org.bigbluebutton.api.model.shared.Password;
import javax.validation.Valid;
import java.util.Map;
public class JoinMeeting extends RequestWithChecksum<JoinMeeting.Params> {
@ -52,8 +55,12 @@ public class JoinMeeting extends RequestWithChecksum<JoinMeeting.Params> {
private String role;
@Valid
private Password joinPassword;
public JoinMeeting(Checksum checksum) {
super(checksum);
joinPassword = new JoinPassword();
}
public String getMeetingID() {
@ -130,11 +137,18 @@ public class JoinMeeting extends RequestWithChecksum<JoinMeeting.Params> {
public void populateFromParamsMap(Map<String, String[]> params) {
if(params.containsKey(Params.MEETING_ID.getValue())) {
setMeetingID(params.get(Params.MEETING_ID.getValue())[0]);
joinPassword.setMeetingID(meetingID);
}
if(params.containsKey(Params.USER_ID.getValue())) setUserID(params.get(Params.USER_ID.getValue())[0]);
if(params.containsKey(Params.FULL_NAME.getValue())) setFullName(params.get(Params.FULL_NAME.getValue())[0]);
if(params.containsKey(Params.PASSWORD.getValue())) setPassword(params.get(Params.PASSWORD.getValue())[0]);
if(params.containsKey(Params.PASSWORD.getValue())) {
setPassword(params.get(Params.PASSWORD.getValue())[0]);
joinPassword.setPassword(password);
}
if(params.containsKey(Params.GUEST.getValue())) setGuestString(params.get(Params.GUEST.getValue())[0]);
if(params.containsKey(Params.AUTH.getValue())) setAuthString(params.get(Params.AUTH.getValue())[0]);
if(params.containsKey(Params.CREATE_TIME.getValue())) setCreateTimeString(params.get(Params.CREATE_TIME.getValue())[0]);
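Review bot: `joinPassword` is kept in step with `meetingID` and `password` only inside `populateFromParamsMap`, so a caller that uses `setMeetingID` or `setPassword` directly leaves the object that `@Valid` checks stale or empty. Updating the copy inside the setters would keep the two consistent, for example `joinPassword.setPassword(password);` at the end of `setPassword`. The setters are outside the visible hunks, so this assumes they only assign the field. `populateFromParamsMap` continues past the end of this hunk.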


@ -0,0 +1,6 @@
package org.bigbluebutton.api.model.shared;
import org.bigbluebutton.api.model.constraint.JoinPasswordConstraint;
@JoinPasswordConstraint
public class JoinPassword extends Password {}


@ -2,30 +2,5 @@ package org.bigbluebutton.api.model.shared;
import org.bigbluebutton.api.model.constraint.ModeratorPasswordConstraint;
import javax.validation.constraints.NotEmpty;
@ModeratorPasswordConstraint(message = "Provided moderator password is incorrect")
public class ModeratorPassword {
@NotEmpty(message = "You must provide the meeting ID")
private String meetingID;
@NotEmpty(message = "You must provide the password for the call")
private String password;
public String getMeetingID() {
return meetingID;
}
public void setMeetingID(String meetingID) {
this.meetingID = meetingID;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
@ModeratorPasswordConstraint
public class ModeratorPassword extends Password {}
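Review bot: The explicit `message = "Provided moderator password is incorrect"` is dropped from `@ModeratorPasswordConstraint`, so violations now carry the annotation's default message, which is not visible in this commit. If clients or tests match on the old text, either keep the attribute on the new class or confirm that the default in `ModeratorPasswordConstraint` says the same thing.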


@ -0,0 +1,28 @@
package org.bigbluebutton.api.model.shared;
import javax.validation.constraints.NotEmpty;
public abstract class Password {
@NotEmpty(message = "You must provide the meeting ID")
protected String meetingID;
@NotEmpty(message = "You must provide the password for the call")
protected String password;
public String getMeetingID() {
return meetingID;
}
public void setMeetingID(String meetingID) {
this.meetingID = meetingID;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
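Review bot: `meetingID` and `password` are declared `protected` although the class exposes public accessors and both subclasses in this commit have empty bodies. `private String meetingID;` and `private String password;` would keep the credential reachable only through the accessors, and field-level `@NotEmpty` still applies to private fields. A one-line class Javadoc saying that subclasses supply the class-level password constraint would also help, since nothing in this file shows where the actual check happens.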


@ -0,0 +1,53 @@
package org.bigbluebutton.api.model.validator;
import org.bigbluebutton.api.domain.Meeting;
import org.bigbluebutton.api.model.constraint.JoinPasswordConstraint;
import org.bigbluebutton.api.model.shared.JoinPassword;
import org.bigbluebutton.api.service.ServiceUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
public class JoinPasswordValidator implements ConstraintValidator<JoinPasswordConstraint, JoinPassword> {
private static Logger log = LoggerFactory.getLogger(JoinPasswordValidator.class);
@Override
public void initialize(JoinPasswordConstraint constraintAnnotation) {}
@Override
public boolean isValid(JoinPassword joinPassword, ConstraintValidatorContext constraintValidatorContext) {
log.info("Validating password {} for meeting with ID {}",
joinPassword.getPassword(), joinPassword.getMeetingID());
if(joinPassword.getMeetingID() == null) {
return false;
}
Meeting meeting = ServiceUtils.findMeetingFromMeetingID(joinPassword.getMeetingID());
if(meeting == null) {
return false;
}
String moderatorPassword = meeting.getModeratorPassword();
String attendeePassword = meeting.getViewerPassword();
String providedPassword = joinPassword.getPassword();
if(providedPassword == null) {
return false;
}
log.info("Moderator password: {}", moderatorPassword);
log.info("Attendee password: {}", attendeePassword);
log.info("Provided password: {}", providedPassword);
if(!providedPassword.equals(moderatorPassword) && !providedPassword.equals(attendeePassword)) {
return false;
}
return true;
}
}
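Review bot: The new validator writes credentials to the application log at info level. The first `log.info` in `isValid` prints the submitted password, and the three calls just before the comparison print the meeting's moderator and attendee passwords next to it, so anyone with read access to the logs obtains working meeting credentials. Those three calls should be removed and the first reduced to the meeting ID. The comparison uses `String.equals`, which returns at the first differing character; comparing the UTF-8 bytes with `MessageDigest.isEqual` avoids that timing signal. The sketch below needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported.

```java
public boolean isValid(JoinPassword joinPassword, ConstraintValidatorContext constraintValidatorContext) {
    // Log the meeting ID only; the credential itself never goes to the log.
    log.info("Validating join password for meeting with ID {}", joinPassword.getMeetingID());

    // … unchanged: null checks on meeting ID, meeting lookup, provided password …

    byte[] provided = providedPassword.getBytes(StandardCharsets.UTF_8);
    // Evaluate both comparisons so timing does not show which role matched.
    boolean isModerator = matches(provided, moderatorPassword);
    boolean isAttendee = matches(provided, attendeePassword);
    return isModerator | isAttendee;
}

private static boolean matches(byte[] provided, String expected) {
    return expected != null
            && MessageDigest.isEqual(provided, expected.getBytes(StandardCharsets.UTF_8));
}
```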


@ -12,7 +12,7 @@ import javax.validation.ConstraintValidatorContext;
public class ModeratorPasswordValidator implements ConstraintValidator<ModeratorPasswordConstraint, ModeratorPassword> {
private static Logger log = LoggerFactory.getLogger(MeetingExistsValidator.class);
private static Logger log = LoggerFactory.getLogger(ModeratorPasswordValidator.class);
@Override