Remove support for join POST requests and fix checksum calculation for POST requests

Paul Trudel 2024-05-06 17:56:59 +00:00
parent 698a736d58
commit b2b57aca03
4 changed files with 5 additions and 18 deletions


@ -9,7 +9,6 @@ import javax.validation.constraints.NotEmpty;
@GetChecksumConstraint(groups = ChecksumValidationGroup.class) @GetChecksumConstraint(groups = ChecksumValidationGroup.class)
public class GetChecksum extends Checksum { public class GetChecksum extends Checksum {
@NotEmpty(message = "You must provide the query string")
private String queryString; private String queryString;
public GetChecksum(String apiCall, String checksum, String queryString, HttpServletRequest request) { public GetChecksum(String apiCall, String checksum, String queryString, HttpServletRequest request) {


@ -24,18 +24,6 @@ public class GetChecksumValidator implements ConstraintValidator<GetChecksumCons
String securitySalt = ServiceUtils.getValidationService().getSecuritySalt(); String securitySalt = ServiceUtils.getValidationService().getSecuritySalt();
String supportedChecksumAlgorithms = ServiceUtils.getValidationService().getSupportedChecksumAlgorithms(); String supportedChecksumAlgorithms = ServiceUtils.getValidationService().getSupportedChecksumAlgorithms();
HttpServletRequest request = checksum.getRequest();
boolean queryStringPresent = request.getQueryString() != null && !request.getQueryString().isEmpty();
boolean requestBodyPresent = request.getContentLength() > 0;
String contentType = request.getContentType();
log.info("Request content type: {}", contentType);
if (contentType != null) {
if (contentType.equalsIgnoreCase(MediaType.APPLICATION_FORM_URLENCODED) || contentType.equalsIgnoreCase(MediaType.MULTIPART_FORM_DATA)) {
if (queryStringPresent && requestBodyPresent) return false;
}
}
if (securitySalt.isEmpty()) { if (securitySalt.isEmpty()) {
log.warn("Security is disabled in this service. Make sure this is intentional."); log.warn("Security is disabled in this service. Make sure this is intentional.");
return true; return true;
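Review bot: With the content-type guard gone, nothing in the visible part of this validator rejects a request that carries parameters in both the query string and a form-encoded body. `GetChecksum` is built from `queryString`, so body parameters are presumably not covered by the checksum, while `ValidationService` reads `params.get("checksum")` from a map that may merge both sources (this page does not show where `params` comes from). Please confirm that handlers for GET calls act only on the signed query parameters, and record that above the salt check with a comment such as `// GET checksum covers the query string only; body parameters are unsigned and must not be trusted`. The validator method starts before this hunk and continues past it.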


@ -113,10 +113,6 @@ public class ValidationService {
checksumValue = params.get("checksum")[0]; checksumValue = params.get("checksum")[0];
} }
if(queryString == null || queryString.isEmpty()) {
queryString = buildQueryStringFromParamsMap(params);
}
switch(apiCall.requestType) { switch(apiCall.requestType) {
case GET: case GET:
checksum = new GetChecksum(apiCall.getName(), checksumValue, queryString, servletRequest); checksum = new GetChecksum(apiCall.getName(), checksumValue, queryString, servletRequest);


@ -63,6 +63,10 @@ class UrlMappings {
action = [GET: 'downloadFile'] action = [GET: 'downloadFile']
} }
"/bigbluebutton/api/join"(controller: "api") {
action = [GET: 'join']
}
"/bigbluebutton/api/getMeetings"(controller: "api") { "/bigbluebutton/api/getMeetings"(controller: "api") {
action = [GET: 'getMeetingsHandler', POST: 'getMeetingsHandler'] action = [GET: 'getMeetingsHandler', POST: 'getMeetingsHandler']
} }
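Review bot: The new `/bigbluebutton/api/join` mapping lists only `GET`, but whether a POST to that path is actually refused depends on mappings outside this hunk; a generic controller/action fallback, if one exists, could still route it to `join`. Consider enforcing the method in the controller as well, e.g. `static allowedMethods = [join: 'GET']`, and add a comment above the mapping such as `// join is GET-only; POST support was removed deliberately`. The neighbouring `getMeetings` mapping still accepts POST, so the difference is worth stating for the next maintainer. The `UrlMappings` block starts and ends outside the hunk.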