Re: Invalid Hash via SOAP API call

Maxim Solodovnik Thu, 26 Mar 2020 22:08:00 -0700

Well,

just tested hashes
This error is only observed in case multiple tabs are opened in the same
browser


Is this issue reproducible for you if there is only one user in the room?

Can you test this behavior with latest M4
(new version of Moodle plugin will be required)

On Thu, 26 Mar 2020 at 14:12, Maxim Solodovnik <solomax...@gmail.com> wrote:

> According to above access log
> This URL
> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
> has been queried 2 times
> First one was
> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
> Second
>
> /openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
>
> Since secureHash is one-time hash here might be the issue
> It is not clear why session was invalidated .....
> I'll try to perform more test tonight/tomorrow
>
> On Thu, 26 Mar 2020 at 13:49, Daniel Baker <i...@collisiondetection.biz>
> wrote:
>
>> No other  OM logins.
>>
>>
>> I  actually  titled this  wrong,  it  is a  REST  call not  SOAP.
>>
>>
>> Thanks,
>>
>>
>> Dan
>>
>>
>> On 26/03/2020 00:27, Maxim Solodovnik wrote:
>>
>> is it possible OM was opened in second tab with active login?
>>
>> On Thu, 26 Mar 2020 at 04:15, Daniel Baker <i...@collisiondetection.biz>
>> wrote:
>>
>>> Not sure  why  I am getting this  during  entering of a room :
>>>
>>>
>>> I get invalid  hash / Access denied   show in the browser:
>>>
>>>
>>> [image: image]
>>>
>>>
>>> The  url  looks  like this  which seems correct  to my understanding  :
>>>
>>>
>>>  tail -f localhost_access_log.2020-03-25
>>>
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +0000] "GET
>>> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
>>> 200 96
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +0000] "POST
>>> /openmeetings/services/user/hash?&sid=973f7132-39f7-47d0-b614-7845c4ed0411
>>> HTTP/1.1" 200 96
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "GET
>>> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
>>> HTTP/1.1" 200 7231
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "GET
>>> /openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "GET
>>> /openmeetings/css/theme.css HTTP/1.1" 304 -
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "GET
>>> /openmeetings/css/custom.css HTTP/1.1" 304 -
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "-" 400 -
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "-" 400 -
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +0000] "GET
>>> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
>>> 200 96
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +0000] "GET
>>> /openmeetings/services/room/32?&sid=25d019cb-728c-4c7e-a88e-88910b3eae51
>>> HTTP/1.1" 200 444
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +0000] "GET
>>> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1"
>>> 200 96
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +0000] "POST
>>> /openmeetings/services/user/hash?&sid=bd8227ad-88d1-41ba-b4ce-69239844e5a1
>>> HTTP/1.1" 200 96
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +0000] "GET
>>> **/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?0-1.0
>>> *-access~denied*&secure=9c271470-cfaa-4e95-9d64-**9210b9e4a7cc&language=1&_=1585164268523
>>> HTTP/1.1" 200 180
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +0000] "GET
>>> /openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
>>> HTTP/1.1" 200 7328
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +0000] "-" 400 -
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +0000] "-" 400 -
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +0000] "-" 400 -
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +0000] "GET
>>> /openmeetings/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initializer/kendo.default.mobile.min-ver-70A144DCABA4386C973AE2446CA25F3D.css
>>> HTTP/1.1" 200 111339
>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +0000] "GET
>>> /openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 -
>>>
>>>
>>>
>>> OM  Version :
>>>
>>>
>>> Name OpenMeetings  Version5.0.0-M3 Revisionb739f87 Build 
>>> date2019-12-11T11:42:09Z
>>>
>>>
>>> I  can see access denied in the log so  that pinpoints it somewhat.  Is
>>> there a way  to see my  SOAP call is  correct  or a  verbose  logging mode ?
>>>
>>> Thanks,
>>>
>>> Dan
>>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>>
>
> --
> WBR
> Maxim aka solomax
>


-- 
WBR
Maxim aka solomax

Re: Invalid Hash via SOAP API call

Reply via email to