Remove support for join POST requests and fix checksum calculation for POST requests
parent
2508755e2f
commit
7d2dcb0434
@ -9,7 +9,6 @@ import javax.validation.constraints.NotEmpty;
|
|||||||
@GetChecksumConstraint(groups = ChecksumValidationGroup.class)
|
@GetChecksumConstraint(groups = ChecksumValidationGroup.class)
|
||||||
public class GetChecksum extends Checksum {
|
public class GetChecksum extends Checksum {
|
||||||
|
|
||||||
@NotEmpty(message = "You must provide the query string")
|
|
||||||
private String queryString;
|
private String queryString;
|
||||||
|
|
||||||
public GetChecksum(String apiCall, String checksum, String queryString, HttpServletRequest request) {
|
public GetChecksum(String apiCall, String checksum, String queryString, HttpServletRequest request) {
|
||||||
|
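Review bot: With `@NotEmpty` removed from `queryString`, a null or empty query string now reaches `GetChecksum` with no validation, and the ValidationService hunk in this same commit also drops the `buildQueryStringFromParamsMap(params)` fallback that used to fill it in. The code that consumes `queryString` when the checksum is computed is outside these hunks, so it is worth confirming that it tolerates null; depending on how the string is used, a null would presumably either throw or be hashed as the literal text. If an empty query string is meant to be valid for calls without parameters, normalise it where the field is assigned, e.g. `this.queryString = queryString == null ? "" : queryString;`, and add a field comment such as `// may be empty: calls without parameters are signed over the API name and salt only`. The constructor body continues outside the hunk.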
@ -24,18 +24,6 @@ public class GetChecksumValidator implements ConstraintValidator<GetChecksumCons
|
|||||||
String securitySalt = ServiceUtils.getValidationService().getSecuritySalt();
|
String securitySalt = ServiceUtils.getValidationService().getSecuritySalt();
|
||||||
String supportedChecksumAlgorithms = ServiceUtils.getValidationService().getSupportedChecksumAlgorithms();
|
String supportedChecksumAlgorithms = ServiceUtils.getValidationService().getSupportedChecksumAlgorithms();
|
||||||
|
|
||||||
HttpServletRequest request = checksum.getRequest();
|
|
||||||
boolean queryStringPresent = request.getQueryString() != null && !request.getQueryString().isEmpty();
|
|
||||||
boolean requestBodyPresent = request.getContentLength() > 0;
|
|
||||||
|
|
||||||
String contentType = request.getContentType();
|
|
||||||
log.info("Request content type: {}", contentType);
|
|
||||||
if (contentType != null) {
|
|
||||||
if (contentType.equalsIgnoreCase(MediaType.APPLICATION_FORM_URLENCODED) || contentType.equalsIgnoreCase(MediaType.MULTIPART_FORM_DATA)) {
|
|
||||||
if (queryStringPresent && requestBodyPresent) return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (securitySalt.isEmpty()) {
|
if (securitySalt.isEmpty()) {
|
||||||
log.warn("Security is disabled in this service. Make sure this is intentional.");
|
log.warn("Security is disabled in this service. Make sure this is intentional.");
|
||||||
return true;
|
return true;
|
||||||
|
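Review bot: Dropping the check that rejected form-encoded requests carrying both a query string and a body leaves nothing in the visible part of this validator that ties body parameters to the checksum. If the handlers read the merged parameter map, a field supplied in the body could be accepted without being covered by the signature, unless the POST validation path now enforces this; that code is not visible here. Either keep the rejection scoped to form content types on this path, or add a comment at this point naming the validator that now owns the rule, e.g. `// query-string/body overlap is rejected in <POST validator> before this runs`. The removed comparison used `equalsIgnoreCase` on the raw content type, so a replacement should match on the media type prefix so that a `charset` parameter does not bypass it. The enclosing `isValid` method starts and ends outside the hunk.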
@ -113,10 +113,6 @@ public class ValidationService {
|
|||||||
checksumValue = params.get("checksum")[0];
|
checksumValue = params.get("checksum")[0];
|
||||||
}
|
}
|
||||||
|
|
||||||
if(queryString == null || queryString.isEmpty()) {
|
|
||||||
queryString = buildQueryStringFromParamsMap(params);
|
|
||||||
}
|
|
||||||
|
|
||||||
switch(apiCall.requestType) {
|
switch(apiCall.requestType) {
|
||||||
case GET:
|
case GET:
|
||||||
checksum = new GetChecksum(apiCall.getName(), checksumValue, queryString, servletRequest);
|
checksum = new GetChecksum(apiCall.getName(), checksumValue, queryString, servletRequest);
|
||||||
|
@ -63,6 +63,10 @@ class UrlMappings {
|
|||||||
action = [GET: 'downloadFile']
|
action = [GET: 'downloadFile']
|
||||||
}
|
}
|
||||||
|
|
||||||
|
"/bigbluebutton/api/join"(controller: "api") {
|
||||||
|
action = [GET: 'join']
|
||||||
|
}
|
||||||
|
|
||||||
"/bigbluebutton/api/getMeetings"(controller: "api") {
|
"/bigbluebutton/api/getMeetings"(controller: "api") {
|
||||||
action = [GET: 'getMeetingsHandler', POST: 'getMeetingsHandler']
|
action = [GET: 'getMeetingsHandler', POST: 'getMeetingsHandler']
|
||||||
}
|
}
|
||||||
|
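Review bot: The new `"/bigbluebutton/api/join"` mapping lists only `GET`, but whether a POST to the same URL is actually refused depends on the remaining mappings in this file, which are outside the hunk; a generic controller/action mapping, if one exists, could still route it to `join`. To make the restriction hold regardless of mapping order, I would also declare it on the controller, e.g. `static allowedMethods = [join: 'GET']`, and add a short comment above the mapping such as `// join is GET-only: POST support was removed, see checksum validation`. A request test asserting that POST `/bigbluebutton/api/join` is rejected would pin the behaviour.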