Prevent validateAuthToken spamming.

If an ejected user tries to enter the meeting using the current url, the
html5 client keeps trying to validate that user without success, causing
a validateAuthToken message spam until the connection times out.
Joao Siebel 2020-09-21 15:50:54 -03:00
parent 2cd250bfa2
commit a3cf7cd98e
2 changed files with 12 additions and 3 deletions


@ -3,6 +3,7 @@ import RedisPubSub from '/imports/startup/server/redis';
import Logger from '/imports/startup/server/logger'; import Logger from '/imports/startup/server/logger';
import pendingAuthenticationsStore from '../store/pendingAuthentications'; import pendingAuthenticationsStore from '../store/pendingAuthentications';
import BannedUsers from '../store/bannedUsers'; import BannedUsers from '../store/bannedUsers';
import Users from '/imports/api/users';
export default function validateAuthToken(meetingId, requesterUserId, requesterToken, externalId) { export default function validateAuthToken(meetingId, requesterUserId, requesterToken, externalId) {
const REDIS_CONFIG = Meteor.settings.private.redis; const REDIS_CONFIG = Meteor.settings.private.redis;
@ -13,10 +14,18 @@ export default function validateAuthToken(meetingId, requesterUserId, requesterT
if (externalId) { if (externalId) {
if (BannedUsers.has(meetingId, externalId)) { if (BannedUsers.has(meetingId, externalId)) {
Logger.warn(`A banned user with extId ${externalId} tried to enter in meeting ${meetingId}`); Logger.warn(`A banned user with extId ${externalId} tried to enter in meeting ${meetingId}`);
return; return { invalid: true, reason: 'User has been banned.' };
} }
} }
// Check if a removed user is trying to access the meeting using the same sessionToken
const isUserEjected = Users.findOne({ meetingId, authToken: requesterToken, ejected: true });
if (isUserEjected) {
Logger.warn(`An invalid sessionToken tried to validateAuthToken meetingId=${meetingId} authToken=${requesterToken}`);
return { invalid: true, reason: 'User has been ejected.' };
}
// Store reference of methodInvocationObject ( to postpone the connection userId definition ) // Store reference of methodInvocationObject ( to postpone the connection userId definition )
pendingAuthenticationsStore.add(meetingId, requesterUserId, requesterToken, this); pendingAuthenticationsStore.add(meetingId, requesterUserId, requesterToken, this);
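Review bot: The warning on the new ejected-user branch writes the raw session token into the server log (`authToken=${requesterToken}`), so a live credential lands in plaintext log storage and in whatever ships those logs elsewhere; the banned branch just above logs only the external id, and this branch should follow it, e.g. `Logger.warn(\`An ejected user tried to validateAuthToken meetingId=${meetingId} userId=${requesterUserId}\`);`. The lookup matches on `authToken` and `ejected` but not on `requesterUserId`, which looks deliberate (a removed user replaying the same token under any id); a one-line comment stating that would keep a later maintainer from "fixing" it by adding the user id to the selector. validateAuthToken continues past the end of this hunk.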


@ -220,11 +220,11 @@ class Auth {
const result = await makeCall('validateAuthToken', this.meetingID, this.userID, this.token, this.externUserID); const result = await makeCall('validateAuthToken', this.meetingID, this.userID, this.token, this.externUserID);
if (!result) { if (result && result.invalid) {
clearTimeout(validationTimeout); clearTimeout(validationTimeout);
reject({ reject({
error: 401, error: 401,
description: 'User has been banned.', description: result.reason,
}); });
return; return;
} }
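Review bot: Replacing `if (!result)` with `if (result && result.invalid)` narrows the client's rejection to the new `{ invalid, reason }` shape, so any server path that still returns nothing (the old bare `return;` form) no longer rejects here and the caller is left waiting for `validationTimeout`; if such paths remain in validateAuthToken, it is worth confirming that the timeout is the intended outcome for them rather than an immediate 401. The rejected `description` is now server-supplied text; the client presumably renders it, so the server should keep `reason` to the fixed strings it defines rather than anything derived from request input. The enclosing method of class Auth begins and ends outside this hunk.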