From b2b57aca0394ef9cc2088886a897704f4e374d8b Mon Sep 17 00:00:00 2001
From: Paul Trudel
Date: Mon, 6 May 2024 17:56:59 +0000
Subject: [PATCH] Remove support for join POST requests and fix checksum calculation for POST requests
---
.../bigbluebutton/api/model/shared/GetChecksum.java | 3 +--
.../api/model/validator/GetChecksumValidator.java | 12 ------------
.../bigbluebutton/api/service/ValidationService.java | 4 ----
.../org/bigbluebutton/web/UrlMappings.groovy | 4 ++++
4 files changed, 5 insertions(+), 18 deletions(-)
diff --git a/bbb-common-web/src/main/java/org/bigbluebutton/api/model/shared/GetChecksum.java b/bbb-common-web/src/main/java/org/bigbluebutton/api/model/shared/GetChecksum.java
index c1df483052..952de208c9 100755
--- a/bbb-common-web/src/main/java/org/bigbluebutton/api/model/shared/GetChecksum.java
+++ b/bbb-common-web/src/main/java/org/bigbluebutton/api/model/shared/GetChecksum.java
@@ -8,8 +8,7 @@ import javax.validation.constraints.NotEmpty; @GetChecksumConstraint(groups = ChecksumValidationGroup.class) public class GetChecksum extends Checksum { - - @NotEmpty(message = "You must provide the query string") + private String queryString; public GetChecksum(String apiCall, String checksum, String queryString, HttpServletRequest request) {
diff --git a/bbb-common-web/src/main/java/org/bigbluebutton/api/model/validator/GetChecksumValidator.java b/bbb-common-web/src/main/java/org/bigbluebutton/api/model/validator/GetChecksumValidator.java
index 62638e4f77..1395348ba0 100755
--- a/bbb-common-web/src/main/java/org/bigbluebutton/api/model/validator/GetChecksumValidator.java
+++ b/bbb-common-web/src/main/java/org/bigbluebutton/api/model/validator/GetChecksumValidator.java
@@ -24,18 +24,6 @@ public class GetChecksumValidator implements ConstraintValidator 0; - - String contentType = request.getContentType(); - log.info("Request content type: {}", contentType); - if (contentType != null) { - if (contentType.equalsIgnoreCase(MediaType.APPLICATION_FORM_URLENCODED) || contentType.equalsIgnoreCase(MediaType.MULTIPART_FORM_DATA)) { - if (queryStringPresent && requestBodyPresent) return false; - } - } - if (securitySalt.isEmpty()) { log.warn("Security is disabled in this service. Make sure this is intentional."); return true;
diff --git a/bbb-common-web/src/main/java/org/bigbluebutton/api/service/ValidationService.java b/bbb-common-web/src/main/java/org/bigbluebutton/api/service/ValidationService.java
index 481ea7b665..bba230759e 100755
--- a/bbb-common-web/src/main/java/org/bigbluebutton/api/service/ValidationService.java
+++ b/bbb-common-web/src/main/java/org/bigbluebutton/api/service/ValidationService.java
@@ -113,10 +113,6 @@ public class ValidationService { checksumValue = params.get("checksum")[0]; } - if(queryString == null || queryString.isEmpty()) { - queryString = buildQueryStringFromParamsMap(params); - } - switch(apiCall.requestType) { case GET: checksum = new GetChecksum(apiCall.getName(), checksumValue, queryString, servletRequest);
diff --git a/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/UrlMappings.groovy b/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/UrlMappings.groovy
index 5390a8dae8..2a6aab198c 100755
--- a/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/UrlMappings.groovy
+++ b/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/UrlMappings.groovy
@@ -63,6 +63,10 @@ class UrlMappings { action = [GET: 'downloadFile'] } + "/bigbluebutton/api/join"(controller: "api") { + action = [GET: 'join'] + } + "/bigbluebutton/api/getMeetings"(controller: "api") { action = [GET: 'getMeetingsHandler', POST: 'getMeetingsHandler'] }
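Review bot: The new `/bigbluebutton/api/join` mapping in UrlMappings.groovy lists only GET, but nothing in the hunk records why, so a later edit could re-add `POST: 'join'` without knowing it was removed on purpose. I would put a comment above the mapping, along the lines of `// join is GET-only: the checksum is checked against the URL query string, so parameters must not arrive in a request body` (wording for the author to confirm). If a generic `$action` mapping exists elsewhere in this class, which is not visible here, it is worth confirming that a POST to join cannot fall through to it. The getMeetings mapping on the next context line still accepts POST, while the same commit drops the validator's rejection of form requests that carry both a query string and a body, and drops ValidationService's rebuild of the query string from the parameter map; a regression test that pins how a POST with parameters in the form body is treated by checksum validation would make the intended behaviour explicit. The UrlMappings class body starts and ends outside the hunk.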