Remove support for join POST requests and fix checksum calculation for POST requests
This commit is contained in:
parent
698a736d58
commit
b2b57aca03
@ -9,7 +9,6 @@ import javax.validation.constraints.NotEmpty;
|
||||
@GetChecksumConstraint(groups = ChecksumValidationGroup.class)
|
||||
public class GetChecksum extends Checksum {
|
||||
|
||||
@NotEmpty(message = "You must provide the query string")
|
||||
private String queryString;
|
||||
|
||||
public GetChecksum(String apiCall, String checksum, String queryString, HttpServletRequest request) {
|
||||
|
@ -24,18 +24,6 @@ public class GetChecksumValidator implements ConstraintValidator<GetChecksumCons
|
||||
String securitySalt = ServiceUtils.getValidationService().getSecuritySalt();
|
||||
String supportedChecksumAlgorithms = ServiceUtils.getValidationService().getSupportedChecksumAlgorithms();
|
||||
|
||||
HttpServletRequest request = checksum.getRequest();
|
||||
boolean queryStringPresent = request.getQueryString() != null && !request.getQueryString().isEmpty();
|
||||
boolean requestBodyPresent = request.getContentLength() > 0;
|
||||
|
||||
String contentType = request.getContentType();
|
||||
log.info("Request content type: {}", contentType);
|
||||
if (contentType != null) {
|
||||
if (contentType.equalsIgnoreCase(MediaType.APPLICATION_FORM_URLENCODED) || contentType.equalsIgnoreCase(MediaType.MULTIPART_FORM_DATA)) {
|
||||
if (queryStringPresent && requestBodyPresent) return false;
|
||||
}
|
||||
}
|
||||
|
||||
if (securitySalt.isEmpty()) {
|
||||
log.warn("Security is disabled in this service. Make sure this is intentional.");
|
||||
return true;
|
||||
|
@ -113,10 +113,6 @@ public class ValidationService {
|
||||
checksumValue = params.get("checksum")[0];
|
||||
}
|
||||
|
||||
if(queryString == null || queryString.isEmpty()) {
|
||||
queryString = buildQueryStringFromParamsMap(params);
|
||||
}
|
||||
|
||||
switch(apiCall.requestType) {
|
||||
case GET:
|
||||
checksum = new GetChecksum(apiCall.getName(), checksumValue, queryString, servletRequest);
|
||||
|
@ -63,6 +63,10 @@ class UrlMappings {
|
||||
action = [GET: 'downloadFile']
|
||||
}
|
||||
|
||||
"/bigbluebutton/api/join"(controller: "api") {
|
||||
action = [GET: 'join']
|
||||
}
|
||||
|
||||
"/bigbluebutton/api/getMeetings"(controller: "api") {
|
||||
action = [GET: 'getMeetingsHandler', POST: 'getMeetingsHandler']
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user