diff --git a/bbb-common-web/src/main/java/org/bigbluebutton/api/ParamsProcessorUtil.java b/bbb-common-web/src/main/java/org/bigbluebutton/api/ParamsProcessorUtil.java
index 4c2a30695be4108208fc24b971fc7a4a3051842b..5f55f0811613c73627b5a82c01879933ea141551 100755
--- a/bbb-common-web/src/main/java/org/bigbluebutton/api/ParamsProcessorUtil.java
+++ b/bbb-common-web/src/main/java/org/bigbluebutton/api/ParamsProcessorUtil.java
@@ -163,16 +163,6 @@ public class ParamsProcessorUtil {
} else {
errors.missingParamError(ApiParams.MEETING_ID);
}
-
- // Check if moderator password was provided
- if (StringUtils.isEmpty(params.get(ApiParams.MODERATOR_PW))) {
- errors.missingParamError(ApiParams.MODERATOR_PW);
- }
-
- // Check if attendee password was provided
- if (StringUtils.isEmpty(params.get(ApiParams.ATTENDEE_PW))) {
- errors.missingParamError(ApiParams.ATTENDEE_PW);
- }
}
public Map<String, Object> processUpdateCreateParams(Map<String, String> params) {
@@ -328,8 +318,8 @@ public class ParamsProcessorUtil {
String externalMeetingId = params.get(ApiParams.MEETING_ID);
- String viewerPass = params.get(ApiParams.ATTENDEE_PW);
- String modPass = params.get(ApiParams.MODERATOR_PW);
+ String viewerPass = processPassword(params.get(ApiParams.ATTENDEE_PW));
+ String modPass = processPassword(params.get(ApiParams.MODERATOR_PW));
// Get the digits for voice conference for users joining through the
// phone.
@@ -620,6 +610,10 @@ public class ParamsProcessorUtil {
return DigestUtils.sha1Hex(extMeetingId);
}
+ public String processPassword(String pass) {
+ return StringUtils.isEmpty(pass) ? RandomStringUtils.randomAlphanumeric(8) : pass;
+ }
+
public boolean hasChecksumAndQueryString(String checksum, String queryString) {
return (! StringUtils.isEmpty(checksum) && StringUtils.isEmpty(queryString));
}
diff --git a/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy b/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy
index d9802e0fd2fac6b3274ac230f570c233967d29be..4c9005b289cb1cc8a6033fd41a1188c64754e64b 100755
--- a/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy
+++ b/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy
@@ -109,28 +109,6 @@ class ApiController {
return
}
- if (!StringUtils.isEmpty(params.moderatorPW)) {
- params.moderatorPW = StringUtils.strip(params.moderatorPW);
- if (StringUtils.isEmpty(params.moderatorPW)) {
- invalid("missingParamModeratorPW", "You must specify a moderator password for the meeting.");
- return
- }
- } else {
- invalid("missingParamModeratorPW", "You must specify a moderator password for the meeting.");
- return
- }
-
- if (!StringUtils.isEmpty(params.attendeePW)) {
- params.attendeePW = StringUtils.strip(params.attendeePW);
- if (StringUtils.isEmpty(params.attendeePW)) {
- invalid("missingParamAttendeePW", "You must specify an attendee password for the meeting.");
- return
- }
- } else {
- invalid("missingParamAttendeePW", "You must specify an attendee password for the meeting.");
- return
- }
-
if (!paramsProcessorUtil.isChecksumSame(API_CALL, params.checksum, request.getQueryString())) {
invalid("checksumError", "You did not pass the checksum security check")
return
@@ -165,7 +143,7 @@ class ApiController {
if (existing != null) {
log.debug "Existing conference found"
Map<String, Object> updateParams = paramsProcessorUtil.processUpdateCreateParams(params);
- if (existing.getViewerPassword().equals(params.get(ApiParams.ATTENDEE_PW)) && existing.getModeratorPassword().equals(params.get(ApiParams.MODERATOR_PW))) {
+ if (existing.getViewerPassword().equals(params.get("attendeePW")) && existing.getModeratorPassword().equals(params.get("moderatorPW"))) {
//paramsProcessorUtil.updateMeeting(updateParams, existing);
// trying to create a conference a second time, return success, but give extra info
// Ignore pre-uploaded presentations. We only allow uploading of presentation once.