Bohdan Zhemelinskyi
927d97fc30
Merge branch 'defaultPresentationNull' of https://github.com/zhem0004/bigbluebutton into defaultPresentationNull
2022-10-19 19:39:09 +00:00
Daniel Petri Rocha
0a2b4186a2
Merge branch 'v2.6.x-release' into breakout-upload-ui
2022-10-19 19:51:05 +02:00
Bohdan Zhemelinskyi
35ed3228ef
set defaultPresentation-null
2022-10-18 14:57:54 +00:00
Gustavo Trott
80ffb26fff
Implements maxUserConcurrentAccesses and change participants count logic
2022-10-17 17:30:53 -03:00
Daniel Petri Rocha
f170bdc19b
Merge branch 'v2.6.x-release' into capture-shared-notes
2022-10-06 22:38:21 +02:00
Gustavo Trott
ec9bad1287
Merge pull request #15762 from zhem0004/removeSetPollsXML
2022-10-05 12:02:39 -03:00
Daniel Petri Rocha
234e36f462
Merge branch 'v2.6.x-release' into breakout-upload-ui
2022-10-03 11:05:23 +02:00
Daniel Petri Rocha
26a93f6853
Merge branch 'v2.6.x-release' into capture-shared-notes
2022-10-03 11:03:24 +02:00
Gustavo Trott
9a18f5fe61
Merge pull request #15467 from zhem0004/spring2726
2022-09-30 17:29:56 -03:00
Bohdan Zhemelinskyi
adcd139ec0
remove SetPollsXML
2022-09-30 14:24:09 +00:00
prlanzarin
0a796ef39d
feat(bbb-web): make HTTP session timeout configurable
...
Java/Grails' HTTP session inactivity timeout is hardcoded to 4 hours.
This gives less flexibility for long-lived sessions - ie in rare
scenarios where users stay connected for >= that amount of time without
any re-connections or intermediate calls to checkAuthorization.
This commit makes the HTTP session timeout configurable, system-wide, via
bigbluebutton.properties. Default timeout is preserved.
Ideally, we should look into a more permanent solution to avoid
invalidating perfectly healthy user sessions. This commit fixes
nothing in that regard.
2022-09-27 19:16:36 +00:00
Ramón Souza
2b0971e2c8
Merge tag 'v2.5.6' into merge-256-26
2022-09-26 09:17:59 -03:00
Gustavo Trott
052fc41c41
Merge pull request #15610 from paultrudel/meeting-api-fixes-25
2022-09-21 09:26:24 -03:00
Daniel Petri Rocha
e23d00004f
'Capture Shared Notes' button in front-end
2022-09-20 17:43:13 +02:00
Daniel Petri Rocha
c84c2e2892
Merge branch 'v2.6.x-release' into breakout-upload-ui
2022-09-19 19:30:18 +02:00
Bohdan Zhemelinskyi
7f42e28ec7
place spring version in one place and cleanup
2022-09-08 18:40:19 +00:00
zhem0004
0a0d768627
Merge branch 'spring2726' of https://github.com/zhem0004/bigbluebutton into spring2726
2022-09-08 11:24:50 -04:00
Bohdan Zhemelinskyi
f51742a819
Merge branch 'v2.6.x-release' of https://github.com/bigbluebutton/bigbluebutton into spring27
2022-09-08 14:32:35 +00:00
Brent Baccala
00b635e763
bigbluebutton-web: when matching user-supplied meeting IDs in API
...
calls, use ServiceUtils.findMeetingFromMeetingID instead of
meetingService.getMeeting, in order to handle either external or
internal meeting IDs
2022-09-05 23:16:39 -04:00
Daniel Petri Rocha
f1690247fd
Include capture checkbox in bbb-html5
2022-09-05 19:27:38 +02:00
Daniel Petri Rocha
16b3d43f19
Initial back-end wiring for breakout slides capture
2022-09-04 22:34:04 +02:00
Gustavo Trott
3b890e5509
Merge pull request #15608 from paultrudel/meeting-api-fixes
2022-08-31 15:21:48 -03:00
Paul Trudel
14aec9f7da
Added maxParticpants calculation changes from 2.6
2022-08-29 15:25:14 +00:00
Ramón Souza
609d43157a
Merge tag 'v2.5.5' into merge-2526-aug25
2022-08-25 14:33:44 -03:00
GuiLeme
c0567c9c93
[issue15565] - remove allow property
2022-08-19 16:49:06 -03:00
GuiLeme
8ee93432b9
[issue15565] - Fixed current attribute not being respected
2022-08-19 15:59:26 -03:00
Paul Trudel
f84698cd5c
changes to max pariticpants calculation and guest policy
2022-08-16 15:15:45 +00:00
Bohdan Zhemelinskyi
7582b8891a
upgrade spring to 2.7.x
2022-07-30 14:50:03 +00:00
Bohdan Zhemelinskyi
fd31c78ec4
temp changes
2022-07-29 19:03:25 +00:00
Daniel Schreiber
e0e1d9e5b3
Fix: use grails configuration for CORS settings
...
Grails can handle CORS on its own. It just has to be configured in
`/etc/bigbluebutton/bbb-web.properties`:
~~~
grails.cors.enabled=true
grails.cors.allowedOrigins=https://bbb-proxy.example.org
grails.cors.allowCredentials=true
~~~
This is a breaking change of the nginx config if (and only if) you run a
cluster setup as described in
https://docs.bigbluebutton.org/admin/clusterproxy.html
**If** you run such a setup, you **need** to change
`/etc/bigbluebutton/bbb-web.properties`. Otherwise users won't be able
to join meetings, upload slides etc.
The change in `PresentationController.groovy` fixes the handling of
`OPTIONS` requests in the `/bigbluebutton/presentation/checkPresentation`
handler.
2022-07-27 23:30:36 +02:00
Bohdan Zhemelinskyi
e016e6985b
error detecting
2022-07-21 18:30:48 +00:00
Gustavo Trott
807f0286c9
Merge pull request #14786 from paultrudel/recording-api-changes
2022-06-30 15:57:23 -03:00
Paul Trudel
ff8a68e20b
Merge branch 'develop' of github.com:bigbluebutton/bigbluebutton into recording-api-changes
2022-06-29 13:24:45 +00:00
prlanzarin
6225042148
feat: add user name to checkAuthorization response
...
Audio's callerId depends on the user name and there isn't
an "on-demand" way of fetching that field internally, making callerId
assembly with trusted attributes (server-side generated) impossible in
bbb-webrtc-sfu.
The new extra header (User-Name, mapped to user_name in the proxied
connection) allows fetching the user name field in a cheap way and
consequently provides a cheap+safe way of assembling the callerId.
Alternatives I've considered but discarded:
- a new akka-apps req-resp pair for fetching the user name (+overhead)
- a new akka-apps req-resp pair for generating the callerId (+overhead)
- piggybacking on GetMicrophonePermissionReq/Resp to generate the
callerId (same overhead, but mixing responsabilities)
2022-06-28 20:33:36 +00:00
GuiLeme
2afe4526a8
[issue-14828] - Logic change of processing current
parameter.
2022-05-11 16:25:44 -03:00
GuiLeme
23aaeedef2
[issue-14828] - Changed order of inserting the default.pdf
document
2022-05-11 10:40:56 -03:00
Guilherme Leme
b95cba3ded
[issue-14819] - When sending a batch with no current with default.pdf
, that will be the current.
2022-05-05 17:45:36 -03:00
Guilherme Leme
5fc66ccf12
[issue-14828] - preUploadedPresentationOverrideDefault can now be sent in url (it will override the config)
2022-05-04 14:13:00 -03:00
Guilherme Leme
df30e30a1e
[issue-14828] - Implemented feature to upload presentations in create API and still have default.pdf
2022-05-04 11:06:48 -03:00
Paul Trudel
1d434e65b7
Merge branch 'develop' of github.com:bigbluebutton/bigbluebutton into recording-api-changes
2022-04-11 13:36:11 +00:00
Ramon Souza
1c873bd8d6
Merge remote-tracking branch 'upstream/v2.4.x-release' into merge-2425-apr08
2022-04-08 17:30:21 -03:00
Paul Trudel
aa956919c2
Updated recording changes for 2.6
2022-04-08 18:46:54 +00:00
Anton Georgiev
4ad4e8e7fa
Merge pull request #14668 from GuiLeme/issue-14335
...
[issue-14335]- Deprecate password on the endpoints.
2022-03-30 11:47:55 -04:00
Guilherme Leme
247794ff45
[issue-14335] - Changes in review, the random password has been added if a null one is sent while creating the meeting to avoid crashes in old integrations.
2022-03-30 10:07:46 -03:00
Guilherme Leme
b4bf27c199
[issue-14335]- Refactored endpoints to not need the password anymore. It is in deprecated state now.
2022-03-24 15:35:17 -03:00
Gustavo Trott
6562cbc6e7
Merge branch 'v2.5.x-release' into disabledFeatures-breakoutRooms
2022-03-16 14:57:46 -03:00
Daniel Petri Rocha
3d74878f51
Adds 'current' as optional parameter in the upload endpoint
2022-03-15 18:21:19 +01:00
Gustavo Trott
c6bfb4b7ec
fix error
2022-03-14 15:35:00 -03:00
Guilherme Leme
9104a0308e
[issue-14321] - Changes to make it possible to send 2 presentations with the same name
2022-03-14 12:10:27 -03:00
Anton Georgiev
212578b7c8
Merge branch 'v2.5.x-release' into disabledFeatures-learningDashboard
2022-03-02 08:46:31 -05:00
Gustavo Trott
9d6eaead02
Move api param learningDashboardEnabled to disabledFeatures
2022-03-01 17:27:54 -03:00
Anton Georgiev
cfb7c354ce
Merge pull request #14494 from GuiLeme/issue-14431
...
Change in current attribute for InsertDocument endpoint
2022-03-01 12:59:03 -05:00
Guilherme Leme
b8bba75b62
[issue-14431] - Implemented the back-end not to accept the current attribute comming from insert endpoint.
2022-03-01 14:27:09 -03:00
Ramón Souza
138f4d64e4
Merge remote-tracking branch 'upstream/v2.4.x-release' into v2.5.x-release
2022-02-24 14:49:56 +00:00
Tainan Felipe
d609a1fd8d
Fix lint errors
2022-02-16 15:55:11 -03:00
Tainan Felipe
b730ef7aa2
Add a message for when the guest isn't valid
2022-02-10 16:31:35 -03:00
Guilherme Leme
f9d97ca562
[issue-14014] / [issue-14313] / [issue-14312] - Fixed and refactored back-end to fit the logic of passing parameters, not only by document with url, but by base64 encoded document too. And refactored front-end.
2022-02-10 15:27:44 -03:00
Guilherme Leme
c10dd9121e
[issue-14014] - Made some changes in back-end logic to put the first presentation as current, if none is marked as current.
2022-02-09 10:40:42 -03:00
Guilherme Leme
ea09c7001c
[issue-14014] - WIP adding current tag on presentation payload
2022-02-04 14:52:53 -03:00
Guilherme Leme
7650967b2f
Resolved merging conflicts.
2022-02-04 08:48:58 -03:00
Guilherme Leme
75f3eab3f8
Resolve merging conflicts
2022-02-03 12:03:26 -03:00
Guilherme Leme
655c81c8f4
[Issue-14014]-Implemented the logic in the controller and refactored the function uploadDocuments to fit the new scenario. I also created the insert model to be validated.
2022-02-03 09:33:29 -03:00
Anton Georgiev
8404048cfd
Merge pull request #14134 from hiroshisuga/fixpreupload
...
fix(bbb-web) broken Asian filename for pre-uploaded presentation (fix on bbb-web)
2022-01-31 10:43:37 -05:00
hiroshisuga
2c3b180ee0
add error-catch
2022-01-26 07:46:20 +09:00
Ramón Souza
16cd3c4ebb
Merge remote-tracking branch 'upstream/v2.4.x-release' into dev-24-0125
2022-01-25 16:56:52 +00:00
Anton Georgiev
5f4c5cdedb
Merge branch 'develop' into r-r-e-acea
2022-01-24 16:05:57 -05:00
Anton Georgiev
a761f0177a
Merge pull request #14143 from frankemax/fix-userdata-injection
...
fix(userdata): consistent breakout room userdata
2022-01-24 15:10:38 -05:00
Pedro Beschorner Marin
c9043655f1
Merge branch 'develop' into position-in-waiting-queue
2022-01-24 14:31:03 -03:00
Pedro Beschorner Marin
810deb907b
refactor(etherpad): access control et al.
...
Move all Etherpad's access control from Meteor to a separated [Node application](https://github.com/bigbluebutton/bbb-pads ).
This new app uses [Etherpad's API](https://etherpad.org/doc/v1.8.4/#index_overview )
to create groups and manage session tokens for users to access them. Each group
represents one distinct pad at the html5 client.
- Removed locked users' access to pads: replaced readOnly pad's access with a new pad's content sharing routine
- Pad's access is now controlled by [Etherpad's API](https://etherpad.org/doc/v1.8.4/#index_overview )
- Closed captions edited content now reflects at it's live feedback
- Improved closed caption's dictation mode live feedback
- Moved all Etherpad's API control from Meteor to a separated [app](https://github.com/bigbluebutton/bbb-pads )
- Included access control both in akka-apps and bbb-pads
2022-01-21 16:56:01 -03:00
Guilherme Leme
740de857cf
[Issue-13238]-Implemented the logic related to receiving and sending the new removable attribute onwards.
2022-01-21 11:52:10 -03:00
Pedro Beschorner Marin
4a0882f9f2
fix(userdata): merge breakout room userdata
...
Avoid using MongoDB to copy breakout room user's userdata. All userdata is
now merged at bbb-web's join API call.
2022-01-19 10:58:13 -03:00
hiroshisuga
e9fee8f330
for preuploaded asian filename
2022-01-19 09:53:21 +09:00
Pedro Beschorner Marin
2bc370ce0b
feat(api): allowRequestsWithoutSession as a meeting create param
...
Add a create meeting parameter to enable or disable the user's cookie
session requests.
2022-01-17 09:51:01 -03:00
Aleksandar Vasilev
6935b8293c
Merge branch 'bigbluebutton:develop' into position-in-waiting-queue
2022-01-16 02:59:40 +01:00
Aleksandar Vasilev
6103ae960d
Merge branch 'bigbluebutton:develop' into develop-private-guest-lobby-messages
2022-01-16 02:58:43 +01:00
SashoVihVas
1862f60e05
Add private guest lobby messages
2022-01-12 14:10:30 +00:00
SashoVihVas
2d7c82e73d
Add position in waiting queue for guest users
2022-01-12 03:08:43 +00:00
prlanzarin
31df1b0efe
chore: add legacy checkAuthorization endpoint
...
For the sake of backwards compatibility
2021-12-16 23:43:55 -03:00
paultrudel
65688af8b0
Added logging for passwords
2021-12-15 14:28:37 -05:00
prlanzarin
434b2200b1
chore: add user infos in custom headers to checkAuthorization OK response
2021-12-03 19:48:30 +00:00
Anton Georgiev
a2d8b59e4d
Merge pull request #13814 from prlanzarin/u24-sahel-terroir
...
fix(core): look for session/jsession cookie in checkAuthorization endpoint
2021-12-02 16:01:52 -05:00
prlanzarin
5dfc2f10cb
fix(core): look for session/jsession cookie in checkAuthorization endpoint
2021-12-02 15:53:39 +00:00
Gustavo Trott
df60295d22
Implements join param excludeFromDashboard
2021-11-26 14:07:03 -03:00
Anton Georgiev
123705bd37
Merge pull request #13609 from jfsiebel/bbb-version-api-response
...
Add bbb version in api response
2021-11-02 16:35:38 -04:00
Anton Georgiev
ca5815ebbc
Merge pull request #13589 from jfsiebel/add-role-join-param
...
Add role parameter in join url
2021-11-02 16:35:11 -04:00
Anton Georgiev
4731d767c7
Merge pull request #13616 from paultrudel/remove-additional-logging
...
Removed additional session info logging from api controller
2021-11-01 13:47:19 -04:00
paultrudel
a7edb2536c
Removed additional session info logging from api controller
2021-11-01 13:04:18 -04:00
Joao Siebel
cb4c21a7ac
Add bbb version in api response
2021-10-29 17:20:19 -03:00
paultrudel
fc39ddf93b
duplicate voice bridge now returns the proper error
2021-10-29 14:39:10 -04:00
paultrudel
33956cf6b2
Reverted sessionToken value in enter reject response
2021-10-27 17:07:05 -04:00
paultrudel
1fe0f93ab2
Added an import that was accidentally removed
2021-10-27 15:00:43 -04:00
paultrudel
aa5b105e6e
Added more logging to ApiController
2021-10-27 14:58:05 -04:00
paultrudel
cd92f4a4f4
modified sessionToken value name in enter response
2021-10-27 14:31:29 -04:00
Joao Siebel
7ea48706ef
Add role parameter on join
2021-10-27 15:28:11 -03:00
paultrudel
960ed35810
added more logging to API controller
2021-10-27 13:31:32 -04:00
paultrudel
5fe8577098
Added additional logging to bbb-web api controller
2021-10-27 12:43:21 -04:00
Gustavo Trott
ae88e8d325
Add Api/learningDashboard properly validation
2021-10-18 18:15:46 -03:00
Gustavo Trott
efee460fe4
Update Api/LearningDashboard validation in favor of #13371
2021-10-18 17:08:47 -03:00
Anton Georgiev
a1e3bbebd3
Merge pull request #13488 from gustavotrott/learning-dashboard-individual-token
...
refactor: Makes LearningDashboard data be provided by bbb-web (avoid demoted user to receive updates)
2021-10-18 13:37:03 -04:00
Gustavo Trott
0102104fbe
Makes bbb-web provide LearningDashboard data while meeting is alive
2021-10-14 14:00:25 -03:00
paultrudel
6f40fa115d
Merge branch 'v2.4.x-release' of https://github.com/bigbluebutton/bigbluebutton into change-message-key-value
2021-10-06 16:02:48 -04:00
Anton Georgiev
59fc722529
Merge branch 'v2.3.x-release' of github.com:bigbluebutton/bigbluebutton into merge-23-24
2021-10-05 17:14:46 +00:00
paultrudel
5e3f33131c
Reverted the messageKey values in validation error messages back to their old values
2021-10-01 15:31:30 -04:00
Pedro Beschorner Marin
c43ca7a22d
fix(guests): max participants
...
Waiting users shouldn't count as valid participants at the meeting's
`maxParticipants` constraint.
Avoid calling `enter` at the waiting page.
Reference https://github.com/bigbluebutton/bigbluebutton/pull/10542
2021-09-28 08:31:18 -03:00
paultrudel
39aaa52b25
Move max participant check back to Api
...
Controller
2021-09-01 15:50:45 -04:00
paultrudel
2af81a3a9e
fixed issue with guests not joining meeting after being approved
2021-07-30 15:57:30 -04:00
Anton Georgiev
1abedcc698
Merge pull request #12789 from jfsiebel/implement-default-layout-config
...
Allow default layout config in bbb-web
2021-07-21 16:11:08 -04:00
paultrudel
0d526845cb
removed 'Validation Error' from client error message
2021-07-19 15:07:07 -04:00
Joao Siebel
8462465a5f
Allow default layout config in bbb-web. close #12668
2021-07-19 11:02:58 -03:00
paultrudel
fe9d356230
changed validation error message
2021-07-14 14:16:32 -04:00
paultrudel
e5f13e7916
added postman test scripts to test to the functionality of the bbb-web api
2021-07-12 11:24:09 -04:00
paultrudel
078a369b68
Minor bug fixes to validation in some validators
2021-06-30 13:21:28 -04:00
paultrudel
f74ea387d7
updates to validation on all api endpoints
2021-06-30 10:17:08 -04:00
paultrudel
1191713b48
fixed merge conflicts
2021-06-24 10:03:02 -04:00
paultrudel
a2cd27c1f9
merge with update-api-create-join-validation
2021-06-24 09:32:23 -04:00
paultrudel
1cdfbbd08a
updated validation for bbb-web api create/join
2021-06-23 11:17:35 -04:00
Joao Siebel
f16700a8c4
Allow tags in meeting and user name. close #10221 close #12370
2021-05-31 09:59:15 -03:00
Anton Georgiev
5c94eb846d
refactor: Isolate recording apis into RecordingController
2021-05-27 16:02:17 +00:00
Anton Georgiev
ced0cc0b26
removed configXML from bbb-web
2021-05-22 16:13:29 +00:00
Gustavo Trott
5e0ccf47b2
Removes support of configToken param
2021-05-20 16:31:38 -03:00
Gustavo Trott
14301b27ea
Makes bbb-web return code 403 when uploaded file exceeds limit
2021-04-13 16:54:17 -03:00
Gustavo Trott
28555ed33d
Sends error code 413 to Upload request when file is too large
2021-04-09 15:41:19 -03:00
Gustavo Trott
3d1575e635
Send pubSub FileTooLarge Error Msg from bbb-web when file is too large, (and makes Akka send meetingId with presentation token msg)
2021-04-08 14:18:15 -03:00
Pedro Beschorner Marin
beb694c74a
Improve guest lobby feedback
...
Included a message and a redirect for the cases where the guest is
not allowed to join or the meeting has expired/ended.
2021-03-29 22:17:59 -03:00
Pedro Beschorner Marin
0365018e92
Add guest lobby messages
...
Moderators are able to send a message to the meeting's guest lobby. This new
event reaches bbb-web and is sent to the guest user with her/his status response
while polling. All guest users that are waiting for acceptance will be able to
read this message.
enableGuestLobbyMessage is disabled by default.
2021-03-09 11:02:25 -03:00
Anton Georgiev
228bad03d5
Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into march4-merge
2021-03-04 21:25:47 +00:00
Anton Georgiev
eba2d0ab58
Merge pull request #11535 from pedrobmarin/etherpad-patch
...
Rework padIds and turn bbb-web pad aware
2021-03-02 14:48:34 -05:00
Anton Georgiev
55e8de4357
Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into feb18-merge
2021-02-18 20:33:19 +00:00
Anton Georgiev
f43560d535
Support for backend vs frontend nodejs instances bbb-html5
2021-02-16 03:19:31 +00:00
Pedro Beschorner Marin
09b39a8d63
Add extra pad validation
...
Associate pads with meetings so session validation is restricted to the
meeting's valid session tokens.
Meteor will dispatch new redis events on shared notes and closed captions
pads creation. This event will go through apps and reach web to populate
a new meeting's pad collection that contains all valid pad id's for that
session. Nginx will use this collection to check if the user's session token
belongs to the pad's authorized users.
Besides these modifications, an extra change will be needed at notes.nginx.
Location /pad/p/ needs to change it's auth_request:
from /bigbluebutton/connection/checkAuthorization;
to /bigbluebutton/connection/validatePad;
2021-02-10 13:37:04 -03:00
Ghazi Triki
5f683809cd
Make sure checksum validation is done first in join API and display an error without redirection in failure case.
2021-02-09 19:03:54 +01:00
Anton Georgiev
3135c6bb22
Handle guestWait url for multiple nodejs instanceIds
2021-01-05 15:38:21 +00:00
Anton Georgiev
55fe528e35
Change bigbluebutton.properties client url param
2020-12-16 15:49:20 +00:00
Anton Georgiev
8b65f9e15b
Set bbb-html5 loadbalancing to be round robin
2020-12-15 01:55:57 +00:00
Anton Georgiev
0be8773e4c
Loadbalance bbb-html5 in bbb-web based on CPU
2020-12-11 21:36:06 +00:00
Anton Georgiev
418fdb1a31
remove obsolete attendeesJoinViaHTML5Client moderatorsJoinViaHTML5Client
2020-12-09 19:11:50 +00:00
basisbit
34ad640ea7
Fix voice bridge compare
...
Cherry-picked https://github.com/bigbluebutton/bigbluebutton/pull/9855
Co-Authored-By: Pedro Beschorner Marin <pedrobmarin@gmail.com>
2020-12-09 14:55:47 +01:00
basisbit
7ba6bd9f7a
Fix voiceBridge collision
...
Cherry-picked the commits from https://github.com/bigbluebutton/bigbluebutton/pull/9251
The added code checks if a meetingID is unique and makes sure no two meetings use the same VoiceBridge. Also see Issue # 9024
2020-12-09 13:58:26 +01:00
Anton Georgiev
3faabd1821
Merge 2.2.29 and 2.2.30 into 2.3.x
2020-11-24 15:13:09 +00:00
Anton Georgiev
23f2df11d5
code changes to allow for meetings' redis events to be processed on different html5 nodejs pids
2020-11-18 20:34:02 +00:00
Anton Georgiev
ecbf575dcf
Merge pull request #10819 from bigbluebutton/join-api-sanitize
...
Sanitize parameters of API's. Fixes #10818
2020-11-13 10:55:38 -05:00
Tiago Daniel Jacobs
e59bcd0c33
Sanitize all received parameters
2020-11-13 06:54:32 +00:00
Tiago Daniel Jacobs
52e3eea552
Split error message from session token ( making it easier to translate - and more secure/ )
2020-11-13 06:13:48 +00:00
Tiago Daniel Jacobs
5c911ddeec
Sanitize fullName parameter of join API. Fixes #10818
2020-11-13 05:59:31 +00:00
Your Name
b4ecf53c80
Remove unwanted debug logging: This pushed the whole binary of every PDF uploaded into the logs.
2020-11-08 16:56:26 +01:00
Anton Georgiev
0c7ead1916
Merge branch 'v2.2.x-release' of github.com:bigbluebutton/bigbluebutton into oct16-merge
2020-10-21 14:48:02 +00:00
Pedro Beschorner Marin
2fb26ff0cf
Patch of improvements for bbb-web
...
This patch includes two improvements made for bbb-web. It tries to better isolate
the sessionToken's handling and session's validation, including logs for each one of
these steps; and removes maxParticipats control from registered users (that are no
longer removed from bbb-web collections) binding it to joined users or users that
reached the enter API call. The following adds more details about this last one:
User's regular flow to join a meeting goes around an API join call -> redis register event ->
redirect to client page -> API enter call -> redis join event. When the guest policy is ASK_MODERATOR,
non-moderators are registered and redirected to a guest lobby that polls for her/his guest status and
only enters the meeting after a moderator approval.
Using registered users as control to check how many participants are in a meeting is problematic because
non-approved guests are counted as participants and bbb-web has to find out when to ditch registered users
records to make a seat in a meeting available again. In other words, a meeting with maxParicipants
of 5 can get it's joins locked with a moderator and 4 waiting guests or bbb-web can wrongly drop a registered
user record on a reconnection inducing weird 401 responses from the API.
This change proposes to control maxParticipants both at join and enter API calls monitoring the number
of redis joined users. This also includes an extra buffer to capture users that called the enter API but
still don't have an user joined event.
User left events are now handled different holding the user data before removing from the joined users collection
and only releasing after verifying that the user didn't reconnected.
Both user left timeout `usersTimeout` and entered user timeout `enteredUsersTimeout` can be configured at properties.
2020-09-28 09:59:52 -03:00
Tiago Jacobs
153c59307d
Improvements on bbb-libreoffice
2020-07-24 02:42:51 -03:00
Pedro Beschorner Marin
de40885768
Define API's voice bridge error
2020-06-16 17:01:57 -03:00
Anton Georgiev
56e16d79a3
Merge pull request #9251 from elor/fix-voicebridge-collision
...
Fix voiceBridge collision (Issue #9024 )
2020-05-28 16:17:59 -04:00