do not allow meteor calls if credentials are null

2017-05-11 15:18:34 -04:00 · 2017-05-11 15:18:34 -04:00 · a4dcf72975
commit a4dcf72975
parent 5191168492
1 changed files with 24 additions and 2 deletions
--- a/bigbluebutton-html5/imports/ui/services/auth/index.js
+++ b/bigbluebutton-html5/imports/ui/services/auth/index.js
@ -89,10 +89,23 @@ class Auth {
    }

    return new Promise((resolve, reject) => {
-      makeCall('userLogout').then(() => {
-        this.fetchLogoutUrl()
+      const credentialsSnapshot = {
+        meetingId: this.meetingID,
+        requesterUserId: this.userID,
+        requesterToken: this.token,
+      };
+
+      // make sure users who did not connect are not added to the meeting
+      // do **not** use the custom call - it relies on expired data
+      Meteor.call('userLogout', credentialsSnapshot, (error, result) => {
+        if (error) {
+          console.error('error=', error);
+        } else {
+          console.log('result=', result);
+          this.fetchLogoutUrl()
          .then(this.clearCredentials)
          .then(resolve);
+        }
      });
    });
  };
@ -109,6 +122,15 @@ class Auth {

    return new Promise((resolve, reject) => {
      Tracker.autorun((c) => {
+        if (!(credentials.meetingId && credentials.requesterToken && credentials.requesterUserId)) {
+          debugger;
+          reject({
+            error: 500,
+            description: 'Authentication subscription failed due to missing credentials.',
+          });
+          return;
+        }
+
        setTimeout(() => {
          c.stop();
          reject({