Random token created in openvidu-server instead of openvidu-browser for insecure participants

openvidu-browser/ts/OpenViduInternal/SessionInternal.ts

@@ -116,12 +116,8 @@ export class SessionInternal {
             }
             else {
 
-                if (!token) {
-                    token = this.randomToken();
-                }
-
                 let joinParams = {
-                    token: token,
+                    token: (!!token) ? token : '',
                     session: this.sessionId,
                     metadata: this.options.metadata,
                     secret: this.openVidu.getSecret(),
@@ -646,8 +642,4 @@ export class SessionInternal {
         }
     }
 
-    private randomToken(): string {
-        return Math.random().toString(36).slice(2) + Math.random().toString(36).slice(2);
-    }
-
 }

openvidu-server/src/main/java/io/openvidu/server/core/SessionManager.java

@@ -149,7 +149,7 @@ public abstract class SessionManager {
 
 	public String newSessionId(SessionProperties sessionProperties) {
 		String sessionId = OpenViduServer.publicUrl;
-		sessionId += "/" + RandomStringUtils.randomAlphanumeric(16).toLowerCase();
+		sessionId += "/" + this.generateRandomChain();
 
 		this.sessionidTokenTokenobj.put(sessionId, new ConcurrentHashMap<>());
 		this.sessionidParticipantpublicidParticipant.put(sessionId, new ConcurrentHashMap<>());
@@ -163,7 +163,7 @@ public abstract class SessionManager {
 		if (this.sessionidParticipantpublicidParticipant.get(sessionId) != null
 				&& this.sessionidTokenTokenobj.get(sessionId) != null) {
 			if (isMetadataFormatCorrect(serverMetadata)) {
-				String token = RandomStringUtils.randomAlphanumeric(16).toLowerCase();
+				String token = this.generateRandomChain();
 				this.sessionidTokenTokenobj.get(sessionId).put(token, new Token(token, role, serverMetadata));
 				showTokens();
 				return token;
@@ -234,12 +234,12 @@ public abstract class SessionManager {
 	public Participant newParticipant(String sessionId, String participantPrivatetId, Token token,
 			String clientMetadata) {
 		if (this.sessionidParticipantpublicidParticipant.get(sessionId) != null) {
-			String participantPublicId = RandomStringUtils.randomAlphanumeric(16).toLowerCase();
+			String participantPublicId = this.generateRandomChain();
 			ConcurrentHashMap<String, Participant> participantpublicidParticipant = this.sessionidParticipantpublicidParticipant
 					.get(sessionId);
 			while (participantpublicidParticipant.containsKey(participantPublicId)) {
 				// Avoid random 'participantpublicid' collisions
-				participantPublicId = RandomStringUtils.randomAlphanumeric(16).toLowerCase();
+				participantPublicId = this.generateRandomChain();
 			}
 			Participant p = new Participant(participantPrivatetId, participantPublicId, token, clientMetadata);
 			this.sessionidParticipantpublicidParticipant.get(sessionId).put(participantPublicId, p);
@@ -267,9 +267,6 @@ public abstract class SessionManager {
 			if (t != null) {
 				return t;
 			} else {
-				if (isInsecureParticipant(participantPrivateId)) {
-					return null;
-				}
 				throw new OpenViduException(Code.TOKEN_CANNOT_BE_CREATED_ERROR_CODE, sessionId);
 			}
 		} else {
@@ -289,6 +286,10 @@ public abstract class SessionManager {
 		log.info("<SESSIONID, PARTICIPANTS>: {}", this.sessionidParticipantpublicidParticipant.toString());
 	}
 	
+	public String generateRandomChain() {
+		return RandomStringUtils.randomAlphanumeric(16).toLowerCase();
+	}
+
 	/**
 	 * Closes all resources. This method has been annotated with the @PreDestroy
 	 * directive (javax.annotation package) so that it will be automatically called

openvidu-server/src/main/java/io/openvidu/server/rpc/RpcHandler.java

@@ -21,6 +21,7 @@ import io.openvidu.client.internal.ProtocolElements;
 import io.openvidu.server.config.OpenviduConfig;
 import io.openvidu.server.core.MediaOptions;
 import io.openvidu.server.core.Participant;
+import io.openvidu.server.core.ParticipantRole;
 import io.openvidu.server.core.SessionManager;
 import io.openvidu.server.core.Token;
 
@@ -129,6 +130,7 @@ public class RpcHandler extends DefaultJsonRpcHandler<JsonObject> {
 
 		if (openviduConfig.isOpenViduSecret(secret)) {
 			sessionManager.newInsecureParticipant(participantPrivatetId);
+			token = sessionManager.generateRandomChain();
 			if (recorder) {
 				generateRecorderParticipant = true;
 			}