Random token created in openvidu-server instead of openvidu-browser for insecure participants

2018-04-04 12:29:36 +02:00 · 2018-04-04 12:29:36 +02:00 · 1e63a116c8
parent 7538bb4a47
commit 1e63a116c8
3 changed files with 11 additions and 16 deletions
--- a/openvidu-browser/ts/OpenViduInternal/SessionInternal.ts
+++ b/openvidu-browser/ts/OpenViduInternal/SessionInternal.ts
@ -116,12 +116,8 @@ export class SessionInternal {
            }
            else {

-                if (!token) {
-                    token = this.randomToken();
-                }
-
                let joinParams = {
-                    token: token,
+                    token: (!!token) ? token : '',
                    session: this.sessionId,
                    metadata: this.options.metadata,
                    secret: this.openVidu.getSecret(),
@ -646,8 +642,4 @@ export class SessionInternal {
        }
    }

-    private randomToken(): string {
-        return Math.random().toString(36).slice(2) + Math.random().toString(36).slice(2);
-    }
-
 }
--- a/openvidu-server/src/main/java/io/openvidu/server/core/SessionManager.java
+++ b/openvidu-server/src/main/java/io/openvidu/server/core/SessionManager.java
@ -149,7 +149,7 @@ public abstract class SessionManager {

 	public String newSessionId(SessionProperties sessionProperties) {
 		String sessionId = OpenViduServer.publicUrl;
-		sessionId += "/" + RandomStringUtils.randomAlphanumeric(16).toLowerCase();
+		sessionId += "/" + this.generateRandomChain();

 		this.sessionidTokenTokenobj.put(sessionId, new ConcurrentHashMap<>());
 		this.sessionidParticipantpublicidParticipant.put(sessionId, new ConcurrentHashMap<>());
@ -163,7 +163,7 @@ public abstract class SessionManager {
 		if (this.sessionidParticipantpublicidParticipant.get(sessionId) != null
 				&& this.sessionidTokenTokenobj.get(sessionId) != null) {
 			if (isMetadataFormatCorrect(serverMetadata)) {
-				String token = RandomStringUtils.randomAlphanumeric(16).toLowerCase();
+				String token = this.generateRandomChain();
 				this.sessionidTokenTokenobj.get(sessionId).put(token, new Token(token, role, serverMetadata));
 				showTokens();
 				return token;
@ -234,12 +234,12 @@ public abstract class SessionManager {
 	public Participant newParticipant(String sessionId, String participantPrivatetId, Token token,
 			String clientMetadata) {
 		if (this.sessionidParticipantpublicidParticipant.get(sessionId) != null) {
-			String participantPublicId = RandomStringUtils.randomAlphanumeric(16).toLowerCase();
+			String participantPublicId = this.generateRandomChain();
 			ConcurrentHashMap<String, Participant> participantpublicidParticipant = this.sessionidParticipantpublicidParticipant
 					.get(sessionId);
 			while (participantpublicidParticipant.containsKey(participantPublicId)) {
 				// Avoid random 'participantpublicid' collisions
-				participantPublicId = RandomStringUtils.randomAlphanumeric(16).toLowerCase();
+				participantPublicId = this.generateRandomChain();
 			}
 			Participant p = new Participant(participantPrivatetId, participantPublicId, token, clientMetadata);
 			this.sessionidParticipantpublicidParticipant.get(sessionId).put(participantPublicId, p);
@ -267,9 +267,6 @@ public abstract class SessionManager {
 			if (t != null) {
 				return t;
 			} else {
-				if (isInsecureParticipant(participantPrivateId)) {
-					return null;
-				}
 				throw new OpenViduException(Code.TOKEN_CANNOT_BE_CREATED_ERROR_CODE, sessionId);
 			}
 		} else {
@ -288,6 +285,10 @@ public abstract class SessionManager {
 	public void showAllParticipants() {
 		log.info("<SESSIONID, PARTICIPANTS>: {}", this.sessionidParticipantpublicidParticipant.toString());
 	}
+	
+	public String generateRandomChain() {
+		return RandomStringUtils.randomAlphanumeric(16).toLowerCase();
+	}

 	/**
 	 * Closes all resources. This method has been annotated with the @PreDestroy
--- a/openvidu-server/src/main/java/io/openvidu/server/rpc/RpcHandler.java
+++ b/openvidu-server/src/main/java/io/openvidu/server/rpc/RpcHandler.java
@ -21,6 +21,7 @@ import io.openvidu.client.internal.ProtocolElements;
 import io.openvidu.server.config.OpenviduConfig;
 import io.openvidu.server.core.MediaOptions;
 import io.openvidu.server.core.Participant;
+import io.openvidu.server.core.ParticipantRole;
 import io.openvidu.server.core.SessionManager;
 import io.openvidu.server.core.Token;

@ -129,6 +130,7 @@ public class RpcHandler extends DefaultJsonRpcHandler<JsonObject> {

 		if (openviduConfig.isOpenViduSecret(secret)) {
 			sessionManager.newInsecureParticipant(participantPrivatetId);
+			token = sessionManager.generateRandomChain();
 			if (recorder) {
 				generateRecorderParticipant = true;
 			}