liuzhe02 / bigbluebutton

Automatically exported from code.google.com/p/bigbluebutton
0 stars 0 forks source link

Enforce unique userID on incoming join URL #1315

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
See discussion

   https://groups.google.com/group/bigbluebutton-dev/browse_thread/thread/604b25d90448a929#

If an incoming join URL to the BigBlueButton API does not have a userID 
parameter, there is no change to the API.

However, if an incoming join URL to the BigBlueButton API has a userID 
parameter, enforce that it is unique.  This would prevent the URL from being 
used a second time. 

What happens when the user is prevented from joining?  Does BigBlueButton 
return an error message to the user?  If so, it would need to be localized?

On approach be to add a second parameter to the join URL, unableToJoinURL, 
which BigBlueButton would redirect the user's browser if they were unable to 
join.  This way, the 3rd party application using the API could control the user 
experience.

Original issue reported on code.google.com by ffdixon@gmail.com on 12 Sep 2012 at 11:52

GoogleCodeExporter commented 9 years ago
The presence of the unableToJoinURL could trigger the enforcement of unique 
userIDs.  That way, none of the existing API implementations would be affected.

Original comment by ffdixon@gmail.com on 12 Sep 2012 at 11:56

GoogleCodeExporter commented 9 years ago
Would it make more sense to have "unableToJoinURL" implemented as a parameter 
of the 'create' controller/api resource? 

It makes for one less parameter that is visible to the user (since they can 
view the join URL). Keep in mind the 'unableToJoinURL' may be an internal, 
non-public resource implemented by a third party app which then forwards the 
user to a proper public-facing localized error page. I personally feel its best 
to limit the amount of data exposed to the user, even if they can't change it 
as a result of the checksum.

Original comment by ramirez....@gmail.com on 25 Feb 2013 at 7:06

GoogleCodeExporter commented 9 years ago
Issue 981 has been merged into this issue.

Original comment by ffdixon@gmail.com on 16 Mar 2014 at 1:49