feat: custom end meeting url with restriction #202

SpechtD · 2022-03-16T17:47:27Z

closes #162

sualko

Looks good, but needs some changes until we can merge it.

lib/Controller/RestrictionController.php

lib/Controller/RoomController.php

lib/Migration/Version000000Date20220316125900.php

lib/Migration/Version000000Date20220316165602.php

lib/Service/RestrictionService.php

lib/Service/RoomService.php

sualko · 2022-03-16T18:13:23Z

lib/Controller/RoomController.php

 		bool $cleanLayout,
-		bool $joinMuted
+		bool $joinMuted,
+		string $logoutURL


We need some type of validation for the logoutURL. At least it has to start with http:// or https://.

This validation should also be done on the server side, otherwise an attacker could bypass the client logic.

sualko · 2022-03-16T18:21:02Z

lib/Controller/RoomController.php

 			return new DataResponse(['message' => 'Not allowed to enable recordings.'], Http::STATUS_BAD_REQUEST);
 		}

+		if (!$restriction->getallowLogoutURL() && $logoutURL !== $room->getlogoutURL()) {


Is the value of allowLogoutURL determined somewhere? You should probably look into the Permission class 😉

The value of allowLogoutURL is determined in the Restriction class, together with the other restrictions.

lib/Migration/Version000000Date20220316165602.php

sualko · 2022-07-24T11:45:50Z

tests/Unit/Service/RestrictionServiceTest.php

 		$restriction1->setMaxRooms(10);
 		$restriction1->setMaxParticipants(100);
 		$restriction1->setAllowRecording(true);
+		$restriction1->setAllowRecording(true);


Should probably setAllowLogoutURL.

sualko · 2022-07-24T11:48:05Z

lib/Controller/RoomController.php

 		bool $cleanLayout,
-		bool $joinMuted
+		bool $joinMuted,
+		string $logoutURL


This validation should also be done on the server side, otherwise an attacker could bypass the client logic.

sualko · 2022-07-24T11:49:06Z

lib/BigBlueButton/API.php

 		$invitationUrl = $this->urlHelper->linkToInvitationAbsolute($room);
 		$createMeetingParams->setModeratorOnlyMessage($this->l10n->t('To invite someone to the meeting, send them this link: %s', [$invitationUrl]));

+		if (!empty($room->logoutURL)) {


Should probably check if the logoutURL is empty. Anyway I would prefer to have the assignment at one place. Maybe

$createMeetingParams->setLogoutURL($room->logoutURL || $this->urlGenerator->getBaseUrl());

feat: custom end meeting url with restriction

bec283e

sualko requested changes Mar 16, 2022

View reviewed changes

SpechtD added 2 commits March 17, 2022 12:08

fix: camel case errors

1917bf1

fix:merged two migrations into one

8218f97

sualko reviewed Mar 17, 2022

View reviewed changes

lib/Migration/Version000000Date20220316165602.php Outdated Show resolved Hide resolved

SpechtD added 4 commits March 17, 2022 18:55

fix: if block for every table

b608a17

fix: removed length limit for logout_u_r_l

148b5d9

fix: logout url validation in frontend

5707fc4

fix: logoutURL fallback for old rooms

3d8efa7

sualko requested changes Jul 24, 2022

View reviewed changes

feat: custom end meeting url with restriction #202

Are you sure you want to change the base?

feat: custom end meeting url with restriction #202

Uh oh!

Conversation

SpechtD commented Mar 16, 2022

Uh oh!

sualko left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

sualko Mar 16, 2022

Choose a reason for hiding this comment

Uh oh!

sualko Jul 24, 2022

Choose a reason for hiding this comment

Uh oh!

sualko Mar 16, 2022

Choose a reason for hiding this comment

Uh oh!

SpechtD Mar 18, 2022

Choose a reason for hiding this comment

Uh oh!

Uh oh!

sualko Jul 24, 2022

Choose a reason for hiding this comment

Uh oh!

sualko Jul 24, 2022

Choose a reason for hiding this comment

Uh oh!

sualko Jul 24, 2022

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants