Posted to dev@openmeetings.apache.org by "seba.wagner@gmail.com" <se...@gmail.com> on 2021/01/25 22:17:02 UTC

Disable captcha during sign up

Hi,

Is there a way to disable the need to enter a captcha during the sign up?

Thanks
Seb

Sebastian Wagner
Director Arrakeen Solutions, OM-Hosting.com
http://arrakeen-solutions.co.nz/
https://om-hosting.com - Cloud & Server Hosting for HTML5
Video-Conferencing OpenMeetings
<https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
<https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>

Re: Disable captcha during sign up

Posted by "seba.wagner@gmail.com" <se...@gmail.com>.
Yeah, let me have a look at the error handler and response.

Thx
Seb

On Tue, 26 Jan 2021 at 9:26 PM, Maxim Solodovnik <so...@gmail.com>
wrote:

> On Tue, 26 Jan 2021 at 15:20, seba.wagner@gmail.com <seba.wagner@gmail.com
> >
> wrote:
>
> > That is a very nifty subset of the rule.
> > Let me try that again.
> >
> > Would be good to log the actual error instead of the password.
> > And/or return it in the API response.
> >
>
> The code for this was added:
>
> https://github.com/apache/openmeetings/blob/master/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/UserWebService.java#L191
>
> Maybe it has some bugs ... :(
>
>
>
> >
> > Currently all those calls just return error 500 without any indication or
> > msg as to why it failed. Mostly because the ‘ServiceException’ is not part
> > of the method signature. So neither CXF nor JAX-RS can map it to a response
> > body.
> >
>
> I had no time to check the mapping :(
> I would appreciate it if you can improve this :)
>
>
> >
> > But if you look at the msg in the log it actually says ‘null’. So even if
> > the service could map ServiceException to a response body, it would just
> > contain an empty message.
> >
> > Thanks
> > Sebastian
> >
> > On Tue, 26 Jan 2021 at 7:51 PM, Maxim Solodovnik <so...@gmail.com>
> > wrote:
> >
> > > On Tue, 26 Jan 2021 at 13:45, seba.wagner@gmail.com <
> > seba.wagner@gmail.com
> > > >
> > > wrote:
> > >
> > > > The log debug message clearly shows the actual password on the server
> > > side.
> > > > It logs the actual password on server side.
> > > >
> > > >
> > > yep
> > > my bad
> > > your password contains login
> > > which is violation ...
> > >
> > >
> > > > Anyway I will try again with debugger turned on.
> > > >
> > > > Thanks
> > > > Seb
> > > >
> > > > On Tue, 26 Jan 2021 at 6:50 PM, Maxim Solodovnik <
> solomax666@gmail.com
> > >
> > > > wrote:
> > > >
> > > > > Your issue with add user is most probably caused by the request you
> > are
> > > > > sending (I guess password is treated as NULL)
> > > > >
> > > > > here is the example of valid request
> > > > >
> > > > > > Address: http://localhost:46325/openmeetings/services/user/?sid=5538950f-74f3-4ba2-ad29-b1309bac1cf7
> > > > > >     HttpMethod: POST
> > > > > >     Content-Type: application/x-www-form-urlencoded
> > > > > >     ExchangeId: 39d80bfb-778f-456e-ba6a-cbecc9208a01
> > > > > >     Headers: {Accept=application/json, host=localhost:46325, connection=keep-alive, content-type=application/x-www-form-urlencoded, cache-control=no-cache, Content-Length=552, pragma=no-cache, user-agent=Apache-CXF/3.4.1}
> > > > > >     Payload: user=%7B%22address%22%3A%7B%22deleted%22%3Afalse%2C%22email%22%3A%22email89749faf-8fc0-43d7-a372-46caed5ce271%40local%22%7D%2C%22firstname%22%3A%22firstname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22languageId%22%3A1%2C%22lastname%22%3A%22lastname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22login%22%3A%22login89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22password%22%3A%22pass1_%21%40%23%24%25_A%22%2C%22rights%22%3A%5B%22LOGIN%22%2C%22ROOM%22%2C%22DASHBOARD%22%5D%2C%22timeZoneId%22%3A%22Asia%2FBangkok%22%2C%22type%22%3A%22USER%22%7D&confirm=false
> > > > >
> > > > >
> > > > > can always be checked on build server:
> > > > >
> > > > >
> > > >
> > >
> >
> https://ci-builds.apache.org/job/OpenMeetings/job/openmeetings/230/consoleFull
> > > > >
> > > > > I'm planning to improve captcha as described in this thread:
> > > > > https://markmail.org/message/bmp6tq3t5j6rw2rz
> > > > >
> > > > > particularly, modify language.xml, add following attributes:
> > > > > 1) 'tip' - short text describing this captcha for ex. "Enter
> > uppercase
> > > > > English letters"
> > > > > 2) 'rangeStart' - initial letter/code of possible captcha
> characters
> > > > > 3) 'rangeEnd' - final letter/code of possible captcha characters
> > > > >
> > > > > processing for above
> > > > >
> > > > > Will try to implement it this week
> > > > >
> > > > > On Tue, 26 Jan 2021 at 11:26, seba.wagner@gmail.com <
> > > > seba.wagner@gmail.com
> > > > > >
> > > > > wrote:
> > > > >
> > > > > > Also the parameter "confirm" doesn't seem to have any meaning.
> It's
> > > not
> > > > > > referenced in the rest of the code.
> > > > > >
> > > > > > Maybe I will change my Jira to fix some of this instead of
> > disabling
> > > > > > captcha.
> > > > > >
> > > > > > Thanks
> > > > > > Seb
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Tue, 26 Jan 2021 at 17:21, seba.wagner@gmail.com <
> > > > > seba.wagner@gmail.com
> > > > > > >
> > > > > > wrote:
> > > > > >
> > > > > > > That doesn't mean that you shall not be able to disable it by
> > admin
> > > > > > > configuration parameters.
> > > > > > >
> > > > > > > Btw I tried the soap/Rest service for adding users. but for
> some
> > > > reason
> > > > > > it
> > > > > > > does not accept even the most complex password.
> > > > > > >
> > > > > > > > curl --location --request POST 'https://my-server.xyz/openmeetings/services/user/?sid=b20c5012-3c94-4e7a-bc6a-61f8cced3150' \
> > > > > > > > --header 'Content-Type: application/json' \
> > > > > > > > --header 'Cookie: JSESSIONID=866564BDD7D8562C9B8CD1B94621AB43' \
> > > > > > > > --form 'user="{firstname:'\''asdads'\'',lastname:'\''aasds'\'',login:'\''Test123123'\'',password:'\''IAmComplex_@Testing1234'\'',right:['\''ADMIN'\''],languageId:1,timeZoneId:'\''Pacific/Auckland'\''}"' \
> > > > > > > > --form 'confirm="false"'
> > > > > > >
> > > > > > >
> > > > > > > "IAmComplex_@Testing1234" is certainly a complex password.
> > > > > > >
> > > > > > > > But the server rejects it and in the log file it says:
> > > > > > > [39mDEBUG [0;39m 01-26 03:32:59.119
> > [36mo.a.o.w.UserWebService:191
> > > > > > > [-nio-443-exec-5] [0;39m - addNewUser::weak password
> > > > > > > 'IAmComplex_@Testing1234', msg: null
> > > > > > >
> > > > > > > Seems like msg is null but still the input is not valid, above
> > log
> > > is
> > > > > > from
> > > > > > > here:
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> https://github.com/apache/openmeetings/blob/master/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/UserWebService.java#L186
> > > > > > >
> > > > > > > Looks strange to me.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On Tue, 26 Jan 2021 at 16:15, Maxim Solodovnik <
> > > solomax666@gmail.com
> > > > >
> > > > > > > wrote:
> > > > > > >
> > > > > > > >> The captcha was added because its absence was reported as
> > > security
> > > > > > >> vulnerability (you can check CVE at our security page ...)
> > > > > > >>
> > > > > > >> On Tue, 26 Jan 2021 at 10:05, seba.wagner@gmail.com <
> > > > > > >> seba.wagner@gmail.com>
> > > > > > >> wrote:
> > > > > > >>
> > > > > > >> > I can try with the API approach, it should be possible. It
> is
> > > > just a
> > > > > > bit
> > > > > > >> > hacky. It would be easier to create a Selenium test that
> does
> > > > both:
> > > > > > >> > a) sign up
> > > > > > >> > b) use that user to participate in a conference call
> > > > > > >> >
> > > > > > >> > I don't think the ability to turn off captcha would mean
> it's
> > a
> > > > > > security
> > > > > > >> > risk
> > > > > > >> >
> > > > > > >> > Thanks
> > > > > > >> > Seb
> > > > > > >> >
> > > > > > >> >
> > > > > > >> >
> > > > > > >> > On Tue, 26 Jan 2021 at 15:54, Maxim Solodovnik <
> > > > > solomax666@gmail.com>
> > > > > > >> > wrote:
> > > > > > >> >
> > > > > > >> > > I've added the comment: I'm -1 for this feature
> > > > > > >> > >
> > > > > > >> > > Registration is now covered with JUnit tests
> > > > > > >> > > For performance testing you can
> > > > > > >> > > 1) create users via API
> > > > > > >> > > 2) create users directly in DB
> > > > > > >> > >
> > > > > > >> > > Users tend to turn off all security related
> "complications"
> > > just
> > > > > > >> because
> > > > > > >> > > some of their clients have some difficulties .... :(
> > > > > > >> > > I'll plan to add customization options for captcha: i.e.
> > admin
> > > > can
> > > > > > >> > specify
> > > > > > >> > > "letter range" for captcha
> > > > > > >> > > In such case you can specify [A,A] range ... :)
> > > > > > >> > >
> > > > > > >> > > On Tue, 26 Jan 2021 at 09:49, seba.wagner@gmail.com <
> > > > > > >> > seba.wagner@gmail.com
> > > > > > >> > > >
> > > > > > >> > > wrote:
> > > > > > >> > >
> > > > > > >> > > > In order to do automated signup using Selenium.
> > > > > > >> > > > That is both for testing, but in my case it is around
> > > > > performance
> > > > > > >> and
> > > > > > >> > > load
> > > > > > >> > > > testing.
> > > > > > >> > > > I created a ticket for now:
> > > > > > >> > > > https://issues.apache.org/jira/browse/OPENMEETINGS-2560
> > and
> > > > see
> > > > > > how
> > > > > > >> > > > difficult it would be to add this config.
> > > > > > >> > > >
> > > > > > >> > > > Thanks,
> > > > > > >> > > > Seb
> > > > > > >> > > >
> > > > > > >> > > >
> > > > > > >> > > >
> > > > > > >> > > > On Tue, 26 Jan 2021 at 15:44, Maxim Solodovnik <
> > > > > > >> solomax666@gmail.com>
> > > > > > >> > > > wrote:
> > > > > > >> > > >
> > > > > > >> > > > > Hello Sebastian,
> > > > > > >> > > > >
> > > > > > >> > > > > there is no such option ATM
> > > > > > >> > > > > Why is it required for you?
> > > > > > >> > > > >
> > > > > > >> > > > > On Tue, 26 Jan 2021 at 05:17, seba.wagner@gmail.com <
> > > > > > >> > > > seba.wagner@gmail.com
> > > > > > >> > > > > >
> > > > > > >> > > > > wrote:
> > > > > > >> > > > >
> > > > > > >> > > > > > Hi,
> > > > > > >> > > > > >
> > > > > > >> > > > > > is there a way to disable the need to enter a
> captcha
> > > > during
> > > > > > the
> > > > > > >> > sign
> > > > > > >> > > > up
> > > > > > >> > > > > ?
> > > > > > >> > > > > >
> > > > > > >> > > > > > Thanks
> > > > > > >> > > > > > Seb
> > > > > > >> > > > > >
> > > > > > >> > > > > >
> > > > > > >> > > > >
> > > > > > >> > > > >
> > > > > > >> > > > > --
> > > > > > >> > > > > Best regards,
> > > > > > >> > > > > Maxim
> > > > > > >> > > > >
> > > > > > >> > > >
> > > > > > >> > >
> > > > > > >> > >
> > > > > > >> > > --
> > > > > > >> > > Best regards,
> > > > > > >> > > Maxim
> > > > > > >> > >
> > > > > > >> >
> > > > > > >>
> > > > > > >>
> > > > > > >> --
> > > > > > >> Best regards,
> > > > > > >> Maxim
> > > > > > >>
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Best regards,
> > > > > Maxim
> > > > >
> > > > --
> > > > Sebastian Wagner
> > > > Director Arrakeen Solutions, OM-Hosting.com
> > > > http://arrakeen-solutions.co.nz/
> > > > https://om-hosting.com - Cloud & Server Hosting for HTML5
> > > > Video-Conferencing OpenMeetings
> > > > <
> > > >
> > >
> >
> https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url
> > > > >
> > > > <
> > > >
> > >
> >
> https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url
> > > > >
> > > >
> > >
> > >
> > > --
> > > Best regards,
> > > Maxim
> > >
> > --
> > Sebastian Wagner
> > Director Arrakeen Solutions, OM-Hosting.com
> > http://arrakeen-solutions.co.nz/
> > https://om-hosting.com - Cloud & Server Hosting for HTML5
> > Video-Conferencing OpenMeetings
> > <
> >
> https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url
> > >
> > <
> >
> https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url
> > >
> >
>
>
> --
> Best regards,
> Maxim
>

Re: Disable captcha during sign up

Posted by Maxim Solodovnik <so...@gmail.com>.
On Tue, 26 Jan 2021 at 15:20, seba.wagner@gmail.com <se...@gmail.com>
wrote:

> That is a very nifty subset of the rule.
> Let me try that again.
>
> Would be good to log the actual error instead of the password.
> And/or return it in the API response.
>

The code for this was added:
https://github.com/apache/openmeetings/blob/master/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/UserWebService.java#L191

Maybe it has some bugs ... :(



>
> Currently all those calls just return error 500 without any indication or
> msg as to why it failed. Mostly because the ‘ServiceException’ is not part
> of the method signature. So neither CXF nor JAX-RS can map it to a response
> body.
>

I had no time to check the mapping :(
I would appreciate it if you can improve this :)


>
> But if you look at the msg in the log it actually says ‘null’. So even if
> the service could map ServiceException to a response body, it would just
> contain an empty message.
>
> Thanks
> Sebastian
>
> On Tue, 26 Jan 2021 at 7:51 PM, Maxim Solodovnik <so...@gmail.com>
> wrote:
>
> > On Tue, 26 Jan 2021 at 13:45, seba.wagner@gmail.com <
> seba.wagner@gmail.com
> > >
> > wrote:
> >
> > > The log debug message clearly shows the actual password on the server
> > side.
> > > It logs the actual password on server side.
> > >
> > >
> > yep
> > my bad
> > your password contains login
> > which is violation ...
> >
> >
> > > Anyway I will try again with debugger turned on.
> > >
> > > Thanks
> > > Seb
> > >
> > > On Tue, 26 Jan 2021 at 6:50 PM, Maxim Solodovnik <solomax666@gmail.com
> >
> > > wrote:
> > >
> > > > Your issue with add user is most probably caused by the request you
> are
> > > > sending (I guess password is treated as NULL)
> > > >
> > > > here is the example of valid request
> > > >
> > > > Address: http://localhost:46325/openmeetings/services/user/?sid=5538950f-74f3-4ba2-ad29-b1309bac1cf7
> > > >     HttpMethod: POST
> > > >     Content-Type: application/x-www-form-urlencoded
> > > >     ExchangeId: 39d80bfb-778f-456e-ba6a-cbecc9208a01
> > > >     Headers: {Accept=application/json, host=localhost:46325, connection=keep-alive, content-type=application/x-www-form-urlencoded, cache-control=no-cache, Content-Length=552, pragma=no-cache, user-agent=Apache-CXF/3.4.1}
> > > >     Payload: user=%7B%22address%22%3A%7B%22deleted%22%3Afalse%2C%22email%22%3A%22email89749faf-8fc0-43d7-a372-46caed5ce271%40local%22%7D%2C%22firstname%22%3A%22firstname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22languageId%22%3A1%2C%22lastname%22%3A%22lastname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22login%22%3A%22login89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22password%22%3A%22pass1_%21%40%23%24%25_A%22%2C%22rights%22%3A%5B%22LOGIN%22%2C%22ROOM%22%2C%22DASHBOARD%22%5D%2C%22timeZoneId%22%3A%22Asia%2FBangkok%22%2C%22type%22%3A%22USER%22%7D&confirm=false
> > > >
> > > >
> > > > can always be checked on build server:
> > > >
> > > >
> > >
> >
> https://ci-builds.apache.org/job/OpenMeetings/job/openmeetings/230/consoleFull
> > > >
> > > > I'm planning to improve captcha as described in this thread:
> > > > https://markmail.org/message/bmp6tq3t5j6rw2rz
> > > >
> > > > particularly, modify language.xml, add following attributes:
> > > > 1) 'tip' - short text describing this captcha for ex. "Enter
> uppercase
> > > > English letters"
> > > > 2) 'rangeStart' - initial letter/code of possible captcha characters
> > > > 3) 'rangeEnd' - final letter/code of possible captcha characters
> > > >
> > > > processing for above
> > > >
> > > > Will try to implement it this week
> > > >
> > > > On Tue, 26 Jan 2021 at 11:26, seba.wagner@gmail.com <
> > > seba.wagner@gmail.com
> > > > >
> > > > wrote:
> > > >
> > > > > Also the parameter "confirm" doesn't seem to have any meaning. It's
> > not
> > > > > referenced in the rest of the code.
> > > > >
> > > > > Maybe I will change my Jira to fix some of this instead of
> disabling
> > > > > captcha.
> > > > >
> > > > > Thanks
> > > > > Seb
> > > > >
> > > > >
> > > > >
> > > > > On Tue, 26 Jan 2021 at 17:21, seba.wagner@gmail.com <
> > > > seba.wagner@gmail.com
> > > > > >
> > > > > wrote:
> > > > >
> > > > > > That doesn't mean that you shall not be able to disable it by
> admin
> > > > > > configuration parameters.
> > > > > >
> > > > > > Btw I tried the soap/Rest service for adding users. but for some
> > > reason
> > > > > it
> > > > > > does not accept even the most complex password.
> > > > > >
> > > > > > > curl --location --request POST 'https://my-server.xyz/openmeetings/services/user/?sid=b20c5012-3c94-4e7a-bc6a-61f8cced3150' \
> > > > > > > --header 'Content-Type: application/json' \
> > > > > > > --header 'Cookie: JSESSIONID=866564BDD7D8562C9B8CD1B94621AB43' \
> > > > > > > --form 'user="{firstname:'\''asdads'\'',lastname:'\''aasds'\'',login:'\''Test123123'\'',password:'\''IAmComplex_@Testing1234'\'',right:['\''ADMIN'\''],languageId:1,timeZoneId:'\''Pacific/Auckland'\''}"' \
> > > > > > > --form 'confirm="false"'
> > > > > >
> > > > > >
> > > > > > "IAmComplex_@Testing1234" is certainly a complex password.
> > > > > >
> > > > > > > But the server rejects it and in the log file it says:
> > > > > > [39mDEBUG [0;39m 01-26 03:32:59.119
> [36mo.a.o.w.UserWebService:191
> > > > > > [-nio-443-exec-5] [0;39m - addNewUser::weak password
> > > > > > 'IAmComplex_@Testing1234', msg: null
> > > > > >
> > > > > > Seems like msg is null but still the input is not valid, above
> log
> > is
> > > > > from
> > > > > > here:
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> https://github.com/apache/openmeetings/blob/master/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/UserWebService.java#L186
> > > > > >
> > > > > > Looks strange to me.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Tue, 26 Jan 2021 at 16:15, Maxim Solodovnik <
> > solomax666@gmail.com
> > > >
> > > > > > wrote:
> > > > > >
> > > > > > >> The captcha was added because its absence was reported as
> > security
> > > > > >> vulnerability (you can check CVE at our security page ...)
> > > > > >>
> > > > > >> On Tue, 26 Jan 2021 at 10:05, seba.wagner@gmail.com <
> > > > > >> seba.wagner@gmail.com>
> > > > > >> wrote:
> > > > > >>
> > > > > >> > I can try with the API approach, it should be possible. It is
> > > just a
> > > > > bit
> > > > > >> > hacky. It would be easier to create a Selenium test that does
> > > both:
> > > > > >> > a) sign up
> > > > > >> > b) use that user to participate in a conference call
> > > > > >> >
> > > > > >> > I don't think the ability to turn off captcha would mean it's
> a
> > > > > security
> > > > > >> > risk
> > > > > >> >
> > > > > >> > Thanks
> > > > > >> > Seb
> > > > > >> >
> > > > > >> >
> > > > > >> >
> > > > > >> > On Tue, 26 Jan 2021 at 15:54, Maxim Solodovnik <
> > > > solomax666@gmail.com>
> > > > > >> > wrote:
> > > > > >> >
> > > > > >> > > I've added the comment: I'm -1 for this feature
> > > > > >> > >
> > > > > >> > > Registration is now covered with JUnit tests
> > > > > >> > > For performance testing you can
> > > > > >> > > 1) create users via API
> > > > > >> > > 2) create users directly in DB
> > > > > >> > >
> > > > > >> > > Users tend to turn off all security related "complications"
> > just
> > > > > >> because
> > > > > >> > > some of their clients have some difficulties .... :(
> > > > > >> > > I'll plan to add customization options for captcha: i.e.
> admin
> > > can
> > > > > >> > specify
> > > > > >> > > "letter range" for captcha
> > > > > >> > > In such case you can specify [A,A] range ... :)
> > > > > >> > >
> > > > > >> > > On Tue, 26 Jan 2021 at 09:49, seba.wagner@gmail.com <
> > > > > >> > seba.wagner@gmail.com
> > > > > >> > > >
> > > > > >> > > wrote:
> > > > > >> > >
> > > > > >> > > > In order to do automated signup using Selenium.
> > > > > >> > > > That is both for testing, but in my case it is around
> > > > performance
> > > > > >> and
> > > > > >> > > load
> > > > > >> > > > testing.
> > > > > >> > > > I created a ticket for now:
> > > > > >> > > > https://issues.apache.org/jira/browse/OPENMEETINGS-2560
> and
> > > see
> > > > > how
> > > > > >> > > > difficult it would be to add this config.
> > > > > >> > > >
> > > > > >> > > > Thanks,
> > > > > >> > > > Seb
> > > > > >> > > >
> > > > > >> > > >
> > > > > >> > > >
> > > > > >> > > > On Tue, 26 Jan 2021 at 15:44, Maxim Solodovnik <
> > > > > >> solomax666@gmail.com>
> > > > > >> > > > wrote:
> > > > > >> > > >
> > > > > >> > > > > Hello Sebastian,
> > > > > >> > > > >
> > > > > >> > > > > there is no such option ATM
> > > > > >> > > > > Why is it required for you?
> > > > > >> > > > >
> > > > > >> > > > > On Tue, 26 Jan 2021 at 05:17, seba.wagner@gmail.com <
> > > > > >> > > > seba.wagner@gmail.com
> > > > > >> > > > > >
> > > > > >> > > > > wrote:
> > > > > >> > > > >
> > > > > >> > > > > > Hi,
> > > > > >> > > > > >
> > > > > >> > > > > > is there a way to disable the need to enter a captcha
> > > during
> > > > > the
> > > > > >> > sign
> > > > > >> > > > up
> > > > > >> > > > > ?
> > > > > >> > > > > >
> > > > > >> > > > > > Thanks
> > > > > >> > > > > > Seb
> > > > > >> > > > > >
> > > > > >> > > > > >
> > > > > >> > > > >
> > > > > >> > > > >
> > > > > >> > > > > --
> > > > > >> > > > > Best regards,
> > > > > >> > > > > Maxim
> > > > > >> > > > >
> > > > > >> > > >
> > > > > >> > >
> > > > > >> > >
> > > > > >> > > --
> > > > > >> > > Best regards,
> > > > > >> > > Maxim
> > > > > >> > >
> > > > > >> >
> > > > > >>
> > > > > >>
> > > > > >> --
> > > > > >> Best regards,
> > > > > >> Maxim
> > > > > >>
> > > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Best regards,
> > > > Maxim
> > > >
> > > --
> > > Sebastian Wagner
> > > Director Arrakeen Solutions, OM-Hosting.com
> > > http://arrakeen-solutions.co.nz/
> > > https://om-hosting.com - Cloud & Server Hosting for HTML5
> > > Video-Conferencing OpenMeetings
> > > <
> > >
> >
> https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url
> > > >
> > > <
> > >
> >
> https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url
> > > >
> > >
> >
> >
> > --
> > Best regards,
> > Maxim
> >
> --
> Sebastian Wagner
> Director Arrakeen Solutions, OM-Hosting.com
> http://arrakeen-solutions.co.nz/
> https://om-hosting.com - Cloud & Server Hosting for HTML5
> Video-Conferencing OpenMeetings
> <
> https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url
> >
> <
> https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url
> >
>


-- 
Best regards,
Maxim
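
One way to act on the two points raised in this message and the text it quotes (log the violated rule rather than the password, and give the caller a response body instead of a bare 500), as an added example that is not OpenMeetings code. The class names, rule codes, thresholds, the use of java.util.logging and the 400 status are all assumptions, and the mapper needs the javax.ws.rs API on the classpath.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.logging.Logger;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

/** Added example; every class and rule name here is hypothetical, not OpenMeetings code. */
public class WeakPasswordExample {
    private static final Logger LOG = Logger.getLogger(WeakPasswordExample.class.getName());
    private static final int MIN_LENGTH = 8;      // assumed threshold
    private static final int LOGIN_FRAGMENT = 4;  // assumed: shortest login fragment that counts

    /** Carries rule codes only, so nothing downstream can log or echo the password. */
    public static class WeakPasswordException extends RuntimeException {
        private final List<String> violations;

        public WeakPasswordException(List<String> violations) {
            super("weak password: " + String.join(",", violations));
            this.violations = List.copyOf(violations);
        }

        public List<String> getViolations() {
            return violations;
        }
    }

    /** Returns the codes of all violated rules; an empty list means the password passes. */
    static List<String> check(String login, String password) {
        List<String> out = new ArrayList<>();
        if (password == null || password.isEmpty()) {
            out.add("MISSING");
            return out;
        }
        if (password.length() < MIN_LENGTH) out.add("TOO_SHORT");
        if (password.chars().noneMatch(Character::isDigit)) out.add("NO_DIGIT");
        if (password.chars().noneMatch(Character::isUpperCase)) out.add("NO_UPPERCASE");
        if (password.chars().allMatch(Character::isLetterOrDigit)) out.add("NO_SPECIAL");
        if (containsLoginFragment(login, password)) out.add("CONTAINS_LOGIN_FRAGMENT");
        return out;
    }

    /** Case-insensitive: does the password contain any LOGIN_FRAGMENT-long piece of the login? */
    static boolean containsLoginFragment(String login, String password) {
        if (login == null) return false;
        String l = login.trim().toLowerCase(Locale.ROOT);
        String p = password.toLowerCase(Locale.ROOT);
        for (int i = 0; i + LOGIN_FRAGMENT <= l.length(); i++) {
            if (p.contains(l.substring(i, i + LOGIN_FRAGMENT))) return true;
        }
        return false;
    }

    /** Validates, logs the reason at debug (FINE) level, and throws; the password is never logged. */
    static void requireStrong(String login, String password) {
        List<String> violations = check(login, password);
        if (!violations.isEmpty()) {
            // Strip control characters so a crafted login cannot forge log lines.
            String safeLogin = login == null ? "<none>" : login.replaceAll("\\p{Cntrl}", "?");
            LOG.fine("addNewUser::weak password for login '" + safeLogin
                    + "', violations: " + violations);
            throw new WeakPasswordException(violations);
        }
    }

    /** JSON body built from fixed rule codes, so no escaping is required. */
    static String errorBody(List<String> violations) {
        String items = violations.isEmpty()
                ? ""
                : "\"" + String.join("\",\"", violations) + "\"";
        return "{\"error\":\"WEAK_PASSWORD\",\"violations\":[" + items + "]}";
    }

    /** Turns the exception into a 400 with a body instead of an unexplained 500. */
    @Provider
    public static class WeakPasswordMapper implements ExceptionMapper<WeakPasswordException> {
        @Override
        public Response toResponse(WeakPasswordException e) {
            return Response.status(Response.Status.BAD_REQUEST)
                    .type(MediaType.APPLICATION_JSON)
                    .entity(errorBody(e.getViolations()))
                    .build();
        }
    }

    public static void main(String[] args) {
        // Constructed input: the login and password quoted in the thread's curl call.
        try {
            requireStrong("Test123123", "IAmComplex_@Testing1234");
        } catch (WeakPasswordException e) {
            System.out.println(errorBody(e.getViolations()));
        }
    }
}
```

The mapper only takes effect once it is registered as a provider with the JAX-RS runtime; how that is done depends on the deployment.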

Re: Disable captcha during sign up

Posted by "seba.wagner@gmail.com" <se...@gmail.com>.
That is a very nifty subset of the rule.
Let me try that again.

Would be good to log the actual error instead of the password.
And/or return it in the API response.

Currently all those calls just return error 500 without any indication or
msg as to why it failed. Mostly because the ‘ServiceException’ is not part
of the method signature. So neither CXF nor JAX-RS can map it to a response
body.

But if you look at the msg in the log it actually says ‘null’. So even if
the service could map ServiceException to a response body, it would just
contain an empty message.

Thanks
Sebastian

On Tue, 26 Jan 2021 at 7:51 PM, Maxim Solodovnik <so...@gmail.com>
wrote:

> On Tue, 26 Jan 2021 at 13:45, seba.wagner@gmail.com <seba.wagner@gmail.com
> >
> wrote:
>
> > The log debug message clearly shows the actual password on the server
> side.
> > It logs the actual password on server side.
> >
> >
> yep
> my bad
> your password contains login
> which is violation ...
>
>
> > Anyway I will try again with debugger turned on.
> >
> > Thanks
> > Seb
> >
> > On Tue, 26 Jan 2021 at 6:50 PM, Maxim Solodovnik <so...@gmail.com>
> > wrote:
> >
> > > Your issue with add user is most probably caused by the request you are
> > > sending (I guess password is treated as NULL)
> > >
> > > here is the example of valid request
> > >
> > > Address: http://localhost:46325/openmeetings/services/user/?sid=5538950f-74f3-4ba2-ad29-b1309bac1cf7
> > >     HttpMethod: POST
> > >     Content-Type: application/x-www-form-urlencoded
> > >     ExchangeId: 39d80bfb-778f-456e-ba6a-cbecc9208a01
> > >     Headers: {Accept=application/json, host=localhost:46325, connection=keep-alive, content-type=application/x-www-form-urlencoded, cache-control=no-cache, Content-Length=552, pragma=no-cache, user-agent=Apache-CXF/3.4.1}
> > >     Payload: user=%7B%22address%22%3A%7B%22deleted%22%3Afalse%2C%22email%22%3A%22email89749faf-8fc0-43d7-a372-46caed5ce271%40local%22%7D%2C%22firstname%22%3A%22firstname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22languageId%22%3A1%2C%22lastname%22%3A%22lastname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22login%22%3A%22login89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22password%22%3A%22pass1_%21%40%23%24%25_A%22%2C%22rights%22%3A%5B%22LOGIN%22%2C%22ROOM%22%2C%22DASHBOARD%22%5D%2C%22timeZoneId%22%3A%22Asia%2FBangkok%22%2C%22type%22%3A%22USER%22%7D&confirm=false
> > >
> > >
> > > can always be checked on build server:
> > >
> > >
> >
> https://ci-builds.apache.org/job/OpenMeetings/job/openmeetings/230/consoleFull
> > >
> > > I'm planning to improve captcha as described in this thread:
> > > https://markmail.org/message/bmp6tq3t5j6rw2rz
> > >
> > > particularly, modify language.xml, add following attributes:
> > > 1) 'tip' - short text describing this captcha for ex. "Enter uppercase
> > > English letters"
> > > 2) 'rangeStart' - initial letter/code of possible captcha characters
> > > 3) 'rangeEnd' - final letter/code of possible captcha characters
> > >
> > > processing for above
> > >
> > > Will try to implement it this week
> > >
> > > On Tue, 26 Jan 2021 at 11:26, seba.wagner@gmail.com <
> > seba.wagner@gmail.com
> > > >
> > > wrote:
> > >
> > > > Also the parameter "confirm" doesn't seem to have any meaning. It's
> not
> > > > referenced in the rest of the code.
> > > >
> > > > Maybe I will change my Jira to fix some of this instead of disabling
> > > > captcha.
> > > >
> > > > Thanks
> > > > Seb
> > > >
> > > > Sebastian Wagner
> > > > Director Arrakeen Solutions, OM-Hosting.com
> > > > http://arrakeen-solutions.co.nz/
> > > > https://om-hosting.com - Cloud & Server Hosting for HTML5
> > > > Video-Conferencing OpenMeetings
> > > > <
> > > >
> > >
> >
> https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url
> > > > >
> > > > <
> > > >
> > >
> >
> https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url
> > > > >
> > > >
> > > >
> > > > On Tue, 26 Jan 2021 at 17:21, seba.wagner@gmail.com <
> > > seba.wagner@gmail.com
> > > > >
> > > > wrote:
> > > >
> > > > > That doesn't mean that you shall not be able to disable it by admin
> > > > > configuration parameters.
> > > > >
> > > > > Btw I tried the soap/Rest service for adding users. but for some
> > reason
> > > > it
> > > > > does not accept even the most complex password.
> > > > >
> > > > > curl --location --request POST '
> > > > >
> > > >
> > >
> >
> https://my-server.xyz/openmeetings/services/user/?sid=b20c5012-3c94-4e7a-bc6a-61f8cced3150
> > > > > ' \
> > > > > --header 'Content-Type: application/json' \
> > > > > --header 'Cookie: JSESSIONID=866564BDD7D8562C9B8CD1B94621AB43' \
> > > > > --form
> > > 'user="{firstname:'\''asdads'\'',lastname:'\''aasds'\'',login:'\''
> > > > > Test123123'\'',password:'\''IAmComplex_@Testing1234
> > > '\'',right:['\''ADMIN
> > > > > '\''],languageId:1,timeZoneId:'\''Pacific/Auckland'\''}"' \
> > > > > --form 'confirm="false"'
> > > > >
> > > > >
> > > > > "IAmComplex_@Testing1234" is certainly a complex password.
> > > > >
> > > > > But the server reject it and in the log file it says:
> > > > > [39mDEBUG [0;39m 01-26 03:32:59.119 [36mo.a.o.w.UserWebService:191
> > > > > [-nio-443-exec-5] [0;39m - addNewUser::weak password
> > > > > 'IAmComplex_@Testing1234', msg: null
> > > > >
> > > > > Seems like msg is null but still the input is not valid, above log
> is
> > > > from
> > > > > here:
> > > > >
> > > > >
> > > >
> > >
> >
> https://github.com/apache/openmeetings/blob/master/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/UserWebService.java#L186
> > > > >
> > > > > Looks strange to me.
> > > > >
> > > > > Sebastian Wagner
> > > > > Director Arrakeen Solutions, OM-Hosting.com
> > > > > http://arrakeen-solutions.co.nz/
> > > > > https://om-hosting.com - Cloud & Server Hosting for HTML5
> > > > > Video-Conferencing OpenMeetings
> > > > >
> > > > > <
> > > >
> > >
> >
> https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url
> > > > >
> > > > > <
> > > >
> > >
> >
> https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url
> > > > >
> > > > >
> > > > >
> > > > > On Tue, 26 Jan 2021 at 16:15, Maxim Solodovnik <
> solomax666@gmail.com
> > >
> > > > > wrote:
> > > > >
> > > > >> The captcha was added because it's absence was reported as
> security
> > > > >> vulnerability (you can check CVE at our security page ...)
> > > > >>
> > > > >> On Tue, 26 Jan 2021 at 10:05, seba.wagner@gmail.com <
> > > > >> seba.wagner@gmail.com>
> > > > >> wrote:
> > > > >>
> > > > >> > I can try with the API approach, it should be possible. It is
> > just a
> > > > bit
> > > > >> > hacky. It would be easier to create a Selenium test that does
> > both:
> > > > >> > a) sign up
> > > > >> > b) use that user to participate in a conference call
> > > > >> >
> > > > >> > I don't think the ability to turn off captcha would mean it's a
> > > > security
> > > > >> > risk
> > > > >> >
> > > > >> > Thanks
> > > > >> > Seb
> > > > >> >
> > > > >> > Sebastian Wagner
> > > > >> > Director Arrakeen Solutions, OM-Hosting.com
> > > > >> > http://arrakeen-solutions.co.nz/
> > > > >> > https://om-hosting.com - Cloud & Server Hosting for HTML5
> > > > >> > Video-Conferencing OpenMeetings
> > > > >> > <
> > > > >> >
> > > > >>
> > > >
> > >
> >
> https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url
> > > > >> > >
> > > > >> > <
> > > > >> >
> > > > >>
> > > >
> > >
> >
> https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url
> > > > >> > >
> > > > >> >
> > > > >> >
> > > > >> > On Tue, 26 Jan 2021 at 15:54, Maxim Solodovnik <
> > > solomax666@gmail.com>
> > > > >> > wrote:
> > > > >> >
> > > > >> > > I've added the comment: I'm -1 for this feature
> > > > >> > >
> > > > >> > > Registration is now covered with JUnit tests
> > > > >> > > For performance testing you can
> > > > >> > > 1) create users via API
> > > > >> > > 2) create users directly in DB
> > > > >> > >
> > > > >> > > Users tend to turn off all security related "complications"
> just
> > > > >> because
> > > > >> > > some of their clients have some difficulties .... :(
> > > > >> > > I'll plan to add customization options for captcha: i.e. admin
> > can
> > > > >> > specify
> > > > >> > > "letter range" for captcha
> > > > >> > > In such case you can specify [A,A] range ... :)
> > > > >> > >
> > > > >> > > On Tue, 26 Jan 2021 at 09:49, seba.wagner@gmail.com <
> > > > >> > seba.wagner@gmail.com
> > > > >> > > >
> > > > >> > > wrote:
> > > > >> > >
> > > > >> > > > In order to do automated signup using Selenium.
> > > > >> > > > That is both for testing, but in my case it is around
> > > performance
> > > > >> and
> > > > >> > > load
> > > > >> > > > testing.
> > > > >> > > > I created a ticket for now:
> > > > >> > > > https://issues.apache.org/jira/browse/OPENMEETINGS-2560 and
> > see
> > > > how
> > > > >> > > > difficult it would be to add this config.
> > > > >> > > >
> > > > >> > > > Thanks,
> > > > >> > > > Seb
> > > > >> > > >
> > > > >> > > > Sebastian Wagner
> > > > >> > > > Director Arrakeen Solutions, OM-Hosting.com
> > > > >> > > > http://arrakeen-solutions.co.nz/
> > > > >> > > > https://om-hosting.com - Cloud & Server Hosting for HTML5
> > > > >> > > > Video-Conferencing OpenMeetings
> > > > >> > > > <
> > > > >> > > >
> > > > >> > >
> > > > >> >
> > > > >>
> > > >
> > >
> >
> https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url
> > > > >> > > > >
> > > > >> > > > <
> > > > >> > > >
> > > > >> > >
> > > > >> >
> > > > >>
> > > >
> > >
> >
> https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url
> > > > >> > > > >
> > > > >> > > >
> > > > >> > > >
> > > > >> > > > On Tue, 26 Jan 2021 at 15:44, Maxim Solodovnik <
> > > > >> solomax666@gmail.com>
> > > > >> > > > wrote:
> > > > >> > > >
> > > > >> > > > > Hello Sebastian,
> > > > >> > > > >
> > > > >> > > > > there is no such option ATM
> > > > >> > > > > Why is it required for you?
> > > > >> > > > >
> > > > >> > > > > On Tue, 26 Jan 2021 at 05:17, seba.wagner@gmail.com <
> > > > >> > > > seba.wagner@gmail.com
> > > > >> > > > > >
> > > > >> > > > > wrote:
> > > > >> > > > >
> > > > >> > > > > > Hi,
> > > > >> > > > > >
> > > > >> > > > > > is there a way to disable the need to enter a captcha
> > during
> > > > the
> > > > >> > sign
> > > > >> > > > up
> > > > >> > > > > ?
> > > > >> > > > > >
> > > > >> > > > > > Thanks
> > > > >> > > > > > Seb
> > > > >> > > > > >
> > > > >> > > > > > Sebastian Wagner
> > > > >> > > > > > Director Arrakeen Solutions, OM-Hosting.com
> > > > >> > > > > > http://arrakeen-solutions.co.nz/
> > > > >> > > > > > https://om-hosting.com - Cloud & Server Hosting for
> HTML5
> > > > >> > > > > > Video-Conferencing OpenMeetings
> > > > >> > > > > > <
> > > > >> > > > > >
> > > > >> > > > >
> > > > >> > > >
> > > > >> > >
> > > > >> >
> > > > >>
> > > >
> > >
> >
> https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url
> > > > >> > > > > > >
> > > > >> > > > > > <
> > > > >> > > > > >
> > > > >> > > > >
> > > > >> > > >
> > > > >> > >
> > > > >> >
> > > > >>
> > > >
> > >
> >
> https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url
> > > > >> > > > > > >
> > > > >> > > > > >
> > > > >> > > > >
> > > > >> > > > >
> > > > >> > > > > --
> > > > >> > > > > Best regards,
> > > > >> > > > > Maxim
> > > > >> > > > >
> > > > >> > > >
> > > > >> > >
> > > > >> > >
> > > > >> > > --
> > > > >> > > Best regards,
> > > > >> > > Maxim
> > > > >> > >
> > > > >> >
> > > > >>
> > > > >>
> > > > >> --
> > > > >> Best regards,
> > > > >> Maxim
> > > > >>
> > > > >
> > > >
> > >
> > >
> > > --
> > > Best regards,
> > > Maxim
> > >
> > --
> > Sebastian Wagner
> > Director Arrakeen Solutions, OM-Hosting.com
> > http://arrakeen-solutions.co.nz/
> > https://om-hosting.com - Cloud & Server Hosting for HTML5
> > Video-Conferencing OpenMeetings
> > <
> >
> https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url
> > >
> > <
> >
> https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url
> > >
> >
>
>
> --
> Best regards,
> Maxim
>
-- 
Sebastian Wagner
Director Arrakeen Solutions, OM-Hosting.com
http://arrakeen-solutions.co.nz/
https://om-hosting.com - Cloud & Server Hosting for HTML5
Video-Conferencing OpenMeetings
<https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
<https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
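
What the message above asks for (log the violated rule rather than the password, and give the API caller a reason instead of a bare 500), as an added sketch that is not OpenMeetings code. The class, the rule names, the JSON keys and the 4-character overlap rule are assumptions; the thread only says the password "contains login" and does not spell out the real rule.

```java
import java.util.EnumSet;
import java.util.Locale;
import java.util.Set;
import java.util.stream.Collectors;

public class PasswordCheck {
    // Rule names are hypothetical, not OpenMeetings identifiers.
    enum Violation { MISSING, TOO_SHORT, NO_UPPER, NO_LOWER, NO_DIGIT, NO_SPECIAL, OVERLAPS_LOGIN }

    static final int MIN_LENGTH = 8;  // assumed policy value
    static final int SHARED_RUN = 4;  // assumed: this many consecutive shared characters counts as overlap

    /** Returns every violated rule, so a rejection can be explained without echoing the password. */
    static Set<Violation> check(String login, String password) {
        if (password == null || password.isEmpty()) {
            // Covers the "password is treated as NULL" case guessed at earlier in the thread.
            return EnumSet.of(Violation.MISSING);
        }
        Set<Violation> found = EnumSet.noneOf(Violation.class);
        if (password.length() < MIN_LENGTH) found.add(Violation.TOO_SHORT);
        if (password.chars().noneMatch(Character::isUpperCase)) found.add(Violation.NO_UPPER);
        if (password.chars().noneMatch(Character::isLowerCase)) found.add(Violation.NO_LOWER);
        if (password.chars().noneMatch(Character::isDigit)) found.add(Violation.NO_DIGIT);
        if (password.chars().allMatch(Character::isLetterOrDigit)) found.add(Violation.NO_SPECIAL);
        if (sharesRun(login, password, SHARED_RUN)) found.add(Violation.OVERLAPS_LOGIN);
        return found;
    }

    /** Case-insensitive test for a run of consecutive characters that login and password share. */
    static boolean sharesRun(String login, String password, int run) {
        if (login == null || login.isEmpty()) return false;
        String l = login.toLowerCase(Locale.ROOT);
        String p = password.toLowerCase(Locale.ROOT);
        int window = Math.min(run, l.length()); // logins shorter than the run are compared whole
        for (int i = 0; i + window <= l.length(); i++) {
            if (p.contains(l.substring(i, i + window))) return true;
        }
        return false;
    }

    /** Log text names the rules only; CR/LF in the caller-supplied login is neutralised. */
    static String logLine(String login, Set<Violation> found) {
        String safeLogin = login == null ? "" : login.replaceAll("[\\r\\n]", "_");
        return "addNewUser::password rejected, login='" + safeLogin + "', violations=" + found;
    }

    /** Body for a 4xx response; it never contains the submitted password. */
    static String errorBody(Set<Violation> found) {
        return found.stream()
                .map(v -> "\"" + v.name() + "\"")
                .collect(Collectors.joining(",", "{\"error\":\"WEAK_PASSWORD\",\"violations\":[", "]}"));
    }

    public static void main(String[] args) {
        // Login and password as posted in the thread's curl request.
        String login = "Test123123";
        String password = "IAmComplex_@Testing1234";

        Set<Violation> found = check(login, password);
        System.out.println(logLine(login, found));
        System.out.println(found.isEmpty() ? "200" : "400 " + errorBody(found));

        // Constructed input: the request arrives without a usable password.
        System.out.println(logLine(login, check(login, null)));
    }
}
```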

Re: Disable captch during sign up

Posted by Maxim Solodovnik <so...@gmail.com>.
On Tue, 26 Jan 2021 at 13:45, seba.wagner@gmail.com <se...@gmail.com>
wrote:

> The log debug message clearly shows the actual password on the server side.
> It logs the actual password on server side.
>
>
yep
my bad
your password contains login
which is violation ...


> Anyway I will try again with debugger turned on.
>
> Thanks
> Seb
>


-- 
Best regards,
Maxim

Re: Disable captch during sign up

Posted by "seba.wagner@gmail.com" <se...@gmail.com>.
The log debug message clearly shows the actual password on the server side.
It logs the actual password on server side.

Anyway I will try again with debugger turned on.

Thanks
Seb

On Tue, 26 Jan 2021 at 6:50 PM, Maxim Solodovnik <so...@gmail.com>
wrote:

> Your issue with add user is most probably caused by the request you are
> sending (I guess password is treated as NULL)
>
> here is the example of valid request
>
> Address:
> http://localhost:46325/openmeetings/services/user/?sid=5538950f-74f3-4ba2-ad29-b1309bac1cf7
>     HttpMethod: POST
>     Content-Type: application/x-www-form-urlencoded
>     ExchangeId: 39d80bfb-778f-456e-ba6a-cbecc9208a01
>     Headers: {Accept=application/json, host=localhost:46325,
> connection=keep-alive, content-type=application/x-www-form-urlencoded,
> cache-control=no-cache, Content-Length=552, pragma=no-cache,
> user-agent=Apache-CXF/3.4.1}
>     Payload:
> user=%7B%22address%22%3A%7B%22deleted%22%3Afalse%2C%22email%22%3A%22email89749faf-8fc0-43d7-a372-46caed5ce271%40local%22%7D%2C%22firstname%22%3A%22firstname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22languageId%22%3A1%2C%22lastname%22%3A%22lastname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22login%22%3A%22login89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22password%22%3A%22pass1_%21%40%23%24%25_A%22%2C%22rights%22%3A%5B%22LOGIN%22%2C%22ROOM%22%2C%22DASHBOARD%22%5D%2C%22timeZoneId%22%3A%22Asia%2FBangkok%22%2C%22type%22%3A%22USER%22%7D&confirm=false
>
>
> can always be checked on build server:
>
> https://ci-builds.apache.org/job/OpenMeetings/job/openmeetings/230/consoleFull
>
> I'm planning to improve captcha as described in this thread:
> https://markmail.org/message/bmp6tq3t5j6rw2rz
>
> particularly, modify language.xml, add following attributes:
> 1) 'tip' - short text describing this captcha for ex. "Enter uppercase
> English letters"
> 2) 'rangeStart' - initial letter/code of possible captcha characters
> 3) 'rangeEnd' - final letter/code of possible captcha characters
>
> processing for above
>
> Will try to implement it this week
>
-- 
Sebastian Wagner
Director Arrakeen Solutions, OM-Hosting.com
http://arrakeen-solutions.co.nz/
https://om-hosting.com - Cloud & Server Hosting for HTML5
Video-Conferencing OpenMeetings
<https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
<https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>

Re: Disable captch during sign up

Posted by Maxim Solodovnik <so...@gmail.com>.
Your issue with add user is most probably caused by the request you are
sending (I guess password is treated as NULL)

Here is an example of a valid request:

    Address: http://localhost:46325/openmeetings/services/user/?sid=5538950f-74f3-4ba2-ad29-b1309bac1cf7
    HttpMethod: POST
    Content-Type: application/x-www-form-urlencoded
    ExchangeId: 39d80bfb-778f-456e-ba6a-cbecc9208a01
    Headers: {Accept=application/json, host=localhost:46325, connection=keep-alive, content-type=application/x-www-form-urlencoded, cache-control=no-cache, Content-Length=552, pragma=no-cache, user-agent=Apache-CXF/3.4.1}
    Payload: user=%7B%22address%22%3A%7B%22deleted%22%3Afalse%2C%22email%22%3A%22email89749faf-8fc0-43d7-a372-46caed5ce271%40local%22%7D%2C%22firstname%22%3A%22firstname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22languageId%22%3A1%2C%22lastname%22%3A%22lastname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22login%22%3A%22login89749faf-8fc0-43d7-a372-46caed5ce271%22%2C%22password%22%3A%22pass1_%21%40%23%24%25_A%22%2C%22rights%22%3A%5B%22LOGIN%22%2C%22ROOM%22%2C%22DASHBOARD%22%5D%2C%22timeZoneId%22%3A%22Asia%2FBangkok%22%2C%22type%22%3A%22USER%22%7D&confirm=false


This can always be checked on the build server:
https://ci-builds.apache.org/job/OpenMeetings/job/openmeetings/230/consoleFull

I'm planning to improve captcha as described in this thread:
https://markmail.org/message/bmp6tq3t5j6rw2rz

In particular, modify language.xml and add the following attributes:
1) 'tip' - short text describing this captcha, e.g. "Enter uppercase
English letters"
2) 'rangeStart' - initial letter/code of possible captcha characters
3) 'rangeEnd' - final letter/code of possible captcha characters

processing for above

Will try to implement it this week

On Tue, 26 Jan 2021 at 11:26, seba.wagner@gmail.com <se...@gmail.com>
wrote:

> Also the parameter "confirm" doesn't seem to have any meaning. It's not
> referenced in the rest of the code.
>
> Maybe I will change my Jira to fix some of this instead of disabling
> captcha.
>
> Thanks
> Seb
>


-- 
Best regards,
Maxim
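
As an added illustration (not part of the original message and not OpenMeetings code), the sketch below decodes the payload of the valid request above, rebuilds it, and lists how the curl request quoted in this thread differs from it. The function names are hypothetical, and the comparison only reports differences; it does not establish which of them the server rejects.

```python
import json
import re
from urllib.parse import parse_qs, urlencode

FORM_TYPE = "application/x-www-form-urlencoded"

# Payload of the valid request, copied from the message above.
VALID_PAYLOAD = (
    "user=%7B%22address%22%3A%7B%22deleted%22%3Afalse%2C%22email%22%3A%22"
    "email89749faf-8fc0-43d7-a372-46caed5ce271%40local%22%7D%2C"
    "%22firstname%22%3A%22firstname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C"
    "%22languageId%22%3A1%2C"
    "%22lastname%22%3A%22lastname89749faf-8fc0-43d7-a372-46caed5ce271%22%2C"
    "%22login%22%3A%22login89749faf-8fc0-43d7-a372-46caed5ce271%22%2C"
    "%22password%22%3A%22pass1_%21%40%23%24%25_A%22%2C"
    "%22rights%22%3A%5B%22LOGIN%22%2C%22ROOM%22%2C%22DASHBOARD%22%5D%2C"
    "%22timeZoneId%22%3A%22Asia%2FBangkok%22%2C"
    "%22type%22%3A%22USER%22%7D&confirm=false"
)

# 'user' field of the curl command quoted in this thread, shell quoting removed.
CURL_USER_VALUE = (
    "{firstname:'asdads',lastname:'aasds',login:'Test123123',"
    "password:'IAmComplex_@Testing1234',right:['ADMIN'],"
    "languageId:1,timeZoneId:'Pacific/Auckland'}"
)

# Heuristic: bare or quoted names followed by ':' (also matches nested keys).
KEY_PATTERN = re.compile(r"""[{,]\s*['"]?([A-Za-z_]\w*)['"]?\s*:""")


def build_user_form(user, confirm=False):
    """Encode a user dict the way the valid request does (form body)."""
    return urlencode({
        "user": json.dumps(user, separators=(",", ":")),
        "confirm": "true" if confirm else "false",
    })


def decode_user_form(body):
    """Return (user dict, confirm string) from a form-encoded body."""
    fields = parse_qs(body, strict_parsing=True)
    return json.loads(fields["user"][0]), fields["confirm"][0]


def compare_with_valid_example(content_type, user_value):
    """List the differences between a request and the valid example."""
    findings = []
    media_type = content_type.split(";")[0].strip().lower()
    if media_type != FORM_TYPE:
        findings.append(
            f"Content-Type is {media_type}; the valid example uses {FORM_TYPE}")
    try:
        parsed = json.loads(user_value)
        keys = set(parsed) if isinstance(parsed, dict) else set()
    except json.JSONDecodeError:
        findings.append("user value is not strict JSON; "
                        "the valid example double-quotes keys and strings")
        keys = set(KEY_PATTERN.findall(user_value))
    valid_keys = set(decode_user_form(VALID_PAYLOAD)[0])
    extra, missing = keys - valid_keys, valid_keys - keys
    if extra:
        findings.append(
            "keys not in the valid example: " + ", ".join(sorted(extra)))
    if missing:
        findings.append("keys of the valid example that are absent: "
                        + ", ".join(sorted(missing)))
    return findings


if __name__ == "__main__":
    user, confirm = decode_user_form(VALID_PAYLOAD)
    print(json.dumps(user, indent=2), "confirm =", confirm)
    for finding in compare_with_valid_example("application/json",
                                              CURL_USER_VALUE):
        print("-", finding)
```
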

Re: Disable captch during sign up

Posted by "seba.wagner@gmail.com" <se...@gmail.com>.
Also the parameter "confirm" doesn't seem to have any meaning. It's not
referenced in the rest of the code.

Maybe I will change my Jira to fix some of this instead of disabling
captcha.

Thanks
Seb



On Tue, 26 Jan 2021 at 17:21, seba.wagner@gmail.com <se...@gmail.com>
wrote:

> That doesn't mean that you shall not be able to disable it by admin
> configuration parameters.
>
> Btw I tried the SOAP/REST service for adding users, but for some reason it
> does not accept even the most complex password.
>
> curl --location --request POST 'https://my-server.xyz/openmeetings/services/user/?sid=b20c5012-3c94-4e7a-bc6a-61f8cced3150' \
> --header 'Content-Type: application/json' \
> --header 'Cookie: JSESSIONID=866564BDD7D8562C9B8CD1B94621AB43' \
> --form 'user="{firstname:'\''asdads'\'',lastname:'\''aasds'\'',login:'\''Test123123'\'',password:'\''IAmComplex_@Testing1234'\'',right:['\''ADMIN'\''],languageId:1,timeZoneId:'\''Pacific/Auckland'\''}"' \
> --form 'confirm="false"'
>
>
> "IAmComplex_@Testing1234" is certainly a complex password.
>
> But the server rejects it and in the log file it says:
> DEBUG 01-26 03:32:59.119 o.a.o.w.UserWebService:191 [-nio-443-exec-5] - addNewUser::weak password 'IAmComplex_@Testing1234', msg: null
>
> Seems like msg is null but still the input is not valid, above log is from
> here:
>
> https://github.com/apache/openmeetings/blob/master/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/UserWebService.java#L186
>
> Looks strange to me.
>

Re: Disable captch during sign up

Posted by "seba.wagner@gmail.com" <se...@gmail.com>.
That doesn't mean that you shall not be able to disable it by admin
configuration parameters.

Btw I tried the SOAP/REST service for adding users, but for some reason it
does not accept even the most complex password.

curl --location --request POST 'https://my-server.xyz/openmeetings/services/user/?sid=b20c5012-3c94-4e7a-bc6a-61f8cced3150' \
--header 'Content-Type: application/json' \
--header 'Cookie: JSESSIONID=866564BDD7D8562C9B8CD1B94621AB43' \
--form 'user="{firstname:'\''asdads'\'',lastname:'\''aasds'\'',login:'\''Test123123'\'',password:'\''IAmComplex_@Testing1234'\'',right:['\''ADMIN'\''],languageId:1,timeZoneId:'\''Pacific/Auckland'\''}"' \
--form 'confirm="false"'


"IAmComplex_@Testing1234" is certainly a complex password.

But the server rejects it and in the log file it says:
DEBUG 01-26 03:32:59.119 o.a.o.w.UserWebService:191 [-nio-443-exec-5] - addNewUser::weak password 'IAmComplex_@Testing1234', msg: null

Seems like msg is null but still the input is not valid, above log is from
here:
https://github.com/apache/openmeetings/blob/master/openmeetings-webservice/src/main/java/org/apache/openmeetings/webservice/UserWebService.java#L186

Looks strange to me.



On Tue, 26 Jan 2021 at 16:15, Maxim Solodovnik <so...@gmail.com> wrote:

> The captcha was added because its absence was reported as a security
> vulnerability (you can check CVE at our security page ...)
>

Re: Disable captch during sign up

Posted by Maxim Solodovnik <so...@gmail.com>.
The captcha was added because its absence was reported as a security
vulnerability (you can check CVE at our security page ...)

On Tue, 26 Jan 2021 at 10:05, seba.wagner@gmail.com <se...@gmail.com>
wrote:

> I can try with the API approach, it should be possible. It is just a bit
> hacky. It would be easier to create a Selenium test that does both:
> a) sign up
> b) use that user to participate in a conference call
>
> I don't think the ability to turn off captcha would mean it's a security
> risk
>
> Thanks
> Seb
>


-- 
Best regards,
Maxim

Re: Disable captch during sign up

Posted by "seba.wagner@gmail.com" <se...@gmail.com>.
I can try with the API approach, it should be possible. It is just a bit
hacky. It would be easier to create a Selenium test that does both:
a) sign up
b) use that user to participate in a conference call

I don't think the ability to turn off captcha would mean it's a security
risk

Thanks
Seb



On Tue, 26 Jan 2021 at 15:54, Maxim Solodovnik <so...@gmail.com> wrote:

> I've added the comment: I'm -1 for this feature
>
> Registration is now covered with JUnit tests
> For performance testing you can
> 1) create users via API
> 2) create users directly in DB
>
> Users tend to turn off all security related "complications" just because
> some of their clients have some difficulties .... :(
> I'll plan to add customization options for captcha: i.e. admin can specify
> "letter range" for captcha
> In such case you can specify [A,A] range ... :)
>

Re: Disable captch during sign up

Posted by Maxim Solodovnik <so...@gmail.com>.
I've added the comment: I'm -1 for this feature

Registration is now covered with JUnit tests
For performance testing you can
1) create users via API
2) create users directly in DB

Users tend to turn off all security related "complications" just because
some of their clients have some difficulties .... :(
I'll plan to add customization options for captcha: i.e. admin can specify
"letter range" for captcha
In such case you can specify [A,A] range ... :)

On Tue, 26 Jan 2021 at 09:49, seba.wagner@gmail.com <se...@gmail.com>
wrote:

> In order to do automated signup using Selenium.
> That is both for testing, but in my case it is around performance and load
> testing.
> I created a ticket for now:
> https://issues.apache.org/jira/browse/OPENMEETINGS-2560 and see how
> difficult it would be to add this config.
>
> Thanks,
> Seb
>


-- 
Best regards,
Maxim

Re: Disable captch during sign up

Posted by "seba.wagner@gmail.com" <se...@gmail.com>.
In order to do automated signup using Selenium.
That is both for testing, but in my case it is around performance and load
testing.
I created a ticket for now:
https://issues.apache.org/jira/browse/OPENMEETINGS-2560 and see how
difficult it would be to add this config.

Thanks,
Seb



On Tue, 26 Jan 2021 at 15:44, Maxim Solodovnik <so...@gmail.com> wrote:

> Hello Sebastian,
>
> there is no such option ATM
> Why is it required for you?
>

Re: Disable captch during sign up

Posted by Maxim Solodovnik <so...@gmail.com>.
Hello Sebastian,

there is no such option ATM
Why is it required for you?

On Tue, 26 Jan 2021 at 05:17, seba.wagner@gmail.com <se...@gmail.com>
wrote:

> Hi,
>
> is there a way to disable the need to enter a captcha during the sign up ?
>
> Thanks
> Seb
>


-- 
Best regards,
Maxim