From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) by mail.toke.dk (Postfix) with ESMTPS id 74301A9AF3E for ; Mon, 02 Dec 2024 00:18:47 +0100 (CET) Authentication-Results: mail.toke.dk; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=HgbmF6Y9 Received: by mail-ed1-x52a.google.com with SMTP id 4fb4d7f45d1cf-5d0d4a2da4dso1577458a12.1 for ; Sun, 01 Dec 2024 15:18:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733095067; x=1733699867; darn=lists.galene.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=WS1X+yJfCHWHeWDQ9zVrD0Bf0FZAc9aTUkFz1Zz5NRE=; b=HgbmF6Y9W9uH9tjFSAxoQth3mGZ9GaHlSLu7fmuGE+LSFOujYG1OYzuVo0o1vvV1cS rKDghl3tVVT8In2OEYfBy8UGVrIh8L99A87ALxCeSwsY3hVdylp/FzqbKMX5G1DmrhJi 7Z4PdmniVBIZE6IFgRbOPnmJ4VGJSA0DXd5PDA3Ar6Kac6vriecb3+xbpoUfPL/o/vo5 JsByguN/YgvUwuS10R7tyLUiwUGqqREj7q+dUZ6jQUP2xxMm5omf4ags3g32HYrjldhV OwPKKi5KZybHCl9vTVSAB5+KfLosmldQBd+mcw4DHlw64Q1Xwg8jdzoPkSAgiqiBw4t2 iS6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733095067; x=1733699867; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=WS1X+yJfCHWHeWDQ9zVrD0Bf0FZAc9aTUkFz1Zz5NRE=; b=NljCxrPJCYbU8RRNA0qTbnRw4b0JeQnpFttNw2Pf43fqUAYAxUQvTloaD1XpHZcrLn B0mouiVB/8CmJ7hsqOWrOBZelxKXhCfQWD/PuNX0BIxdRhwYjlSV5/09ZF+9SQE4w9tb +R+E4nSA1RcVUbdMtUnUwsYa1IosbXhjt1qKqpinAbh87NC+Xp65XnZbtcwrvnK+uavH X6+nO6axXNLibQ4PgoJ/NMm9DoSq73E0ktAs1knvU3h+/2+rMtDLE/U8JfgCIjJzqedz DMui6Nkd5rWsMQ0JE5lN2fSkpi4DIb1WKqegB9ncV+pKi5VC5W3fajJ8ixW7wZL2Eb2u 3Uvw== X-Gm-Message-State: AOJu0YxUTDebwJfBWozj0/rWS1TMWLC4ZYvdBWh5qR+igg0+QKUU9+rh 3nCYufwTSJE/JtmM3ZpAZDOix/W5ykvYX3iCrpNzT8A6lgW1AoisGa0XNJmscub3KGJBkvIiDaY pc6TduN9bIVcH47Snk/UHcrKRCUQ0cGQp X-Gm-Gg: ASbGncsNNTQdGChlrfYs1Zxh9n1UX+N5/5OV4G70YV4+mKYe5cqM0kj0hhruIfnePjv 7Yrw0ALO4ph8/+1cldnijSMrVjmHJYrvGEzT7H1Blq/QSfmAXhGtJGSrpoV5UqfK0 X-Google-Smtp-Source: AGHT+IFNkU0cTr+31VMhVQFOetOv7mMzBjhISIfeB2GkTAcAgUdtfyn4iEH+V4zncH4TA8XKjXh4RLdn6I2vor2d9mY= X-Received: by 2002:a05:6402:13cb:b0:5d0:e871:f2ea with SMTP id 4fb4d7f45d1cf-5d0e871f402mr3013272a12.16.1733095066424; Sun, 01 Dec 2024 15:17:46 -0800 (PST) MIME-Version: 1.0 From: Marty Betz Date: Sun, 1 Dec 2024 15:17:33 -0800 Message-ID: To: galene@lists.galene.org Content-Type: multipart/alternative; boundary="000000000000cbdca306283da339" Message-ID-Hash: 7UD72GFKL64EYRCRCQZLG43Y46B47WOI X-Message-ID-Hash: 7UD72GFKL64EYRCRCQZLG43Y46B47WOI X-MailFrom: martybetz@gmail.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list Subject: [Galene] Admin group creation List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --000000000000cbdca306283da339 Content-Type: text/plain; charset="UTF-8" Hello, I'm learning a lot using Galene. Thanks. I've been experimenting with creating groups programmatically using the REST admin interface. In particular I tried to create a group using PUT method with JSON body and it works fine for simple groups like: {"op": [{"username": "elmer", "password": "1234567"}],"presenter": [{}], "public": true} But if I include a "users" list or a "wildcard-user" value, it fails with a "description is not sanitized" error. For example this body fails: {"op": [{"username": "elmer", "password": "1234567"}],"presenter": [{}], "public": false, "users":{"john": {"password": "260530", "permissions": "present"},"fred": {"password": "940934", "permissions": "present"}}} I commented out the 3 lines of UpdateDescription() in description.go, recompiled, and I was able to make this group just fine using the API. if desc.Users != nil || desc.WildcardUser != nil || desc.AuthKeys != nil { return errors.New("description is not sanitised") } Why is this "sanitized" check existing in UpdateDescription(). It seems relevant only for displaying group properties. -Marty --000000000000cbdca306283da339 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello,
I'm learning a lot using Galene.=C2=A0 Thank= s.=C2=A0 I've been experimenting with creating groups programmatically = using the REST admin interface.

In particular I tried to create a gr= oup using PUT method with JSON body and it works fine for simple groups lik= e:
{"op": [{"u= sername": "elmer", "password": "1234567"= }],"presenter": [{}], "public": true}

But= if I include a "users" list or a "wildcard-user" value= , it fails with a "description is not sanitized" error. For examp= le this body fails:
{"op= ": [{"username": "elmer", "password": &q= uot;1234567"}],"presenter": [{}], "public": false,= "users":{"john": {"password": "260530&q= uot;, "permissions": "present"},"fred": {&quo= t;password": "940934", "permissions": "presen= t"}}}

I commented out the 3 lines of UpdateDescription()= in description.go, recompiled, and I was able to make this group just fine= using the API.

if desc.U= sers !=3D nil || desc.WildcardUser !=3D nil || desc.AuthKeys !=3D nil {
= =C2=A0 =C2=A0 =C2=A0 =C2=A0 return errors.New("description is not sani= tised")
}

Why is this "sanitized" check exi= sting in UpdateDescription().=C2=A0 It seems relevant only for displaying g= roup properties.

-Marty
--000000000000cbdca306283da339--