Verify http host in web admin only if authentication is missing host

This should allow access to web admin through ip address or just served from domain not defined in ejabberd hosts
2019-10-09 10:31:02 +02:00 · 2019-10-09 10:31:02 +02:00 · 19637ce17d
parent 43b97bd9d2
commit 19637ce17d
1 changed files with 32 additions and 32 deletions
--- a/src/ejabberd_web_admin.erl
+++ b/src/ejabberd_web_admin.erl
@ -189,36 +189,31 @@ process(RPath,
 	#request{auth = Auth, lang = Lang, host = HostHTTP,
 		 method = Method} =
 	    Request) ->
-    case ejabberd_router:is_my_host(HostHTTP) of
-	true ->
-	    case get_auth_admin(Auth, HostHTTP, RPath, Method) of
-		{ok, {User, Server}} ->
-		    AJID = get_jid(Auth, HostHTTP, Method),
-		    process_admin(global,
-				  Request#request{path = RPath,
-						  us = {User, Server}},
-				  AJID);
-		{unauthorized, <<"no-auth-provided">>} ->
-		    {401,
-		     [{<<"WWW-Authenticate">>,
-		       <<"basic realm=\"ejabberd\"">>}],
-		     ejabberd_web:make_xhtml([?XCT(<<"h1">>,
-						   ?T("Unauthorized"))])};
-		{unauthorized, Error} ->
-		    {BadUser, _BadPass} = Auth,
-		    {IPT, _Port} = Request#request.ip,
-		    IPS = ejabberd_config:may_hide_data(misc:ip_to_list(IPT)),
-		    ?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
-				 [BadUser, IPS, Error]),
-		    {401,
-		     [{<<"WWW-Authenticate">>,
-		       <<"basic realm=\"auth error, retry login "
-			 "to ejabberd\"">>}],
-		     ejabberd_web:make_xhtml([?XCT(<<"h1">>,
-						   ?T("Unauthorized"))])}
-	    end;
-	false ->
-	    ejabberd_web:error(not_found)
+    case get_auth_admin(Auth, HostHTTP, RPath, Method) of
+	{ok, {User, Server}} ->
+	    AJID = get_jid(Auth, HostHTTP, Method),
+	    process_admin(global,
+			  Request#request{path = RPath,
+					  us = {User, Server}},
+			  AJID);
+	{unauthorized, <<"no-auth-provided">>} ->
+	    {401,
+	     [{<<"WWW-Authenticate">>,
+	       <<"basic realm=\"ejabberd\"">>}],
+	     ejabberd_web:make_xhtml([?XCT(<<"h1">>,
+					   ?T("Unauthorized"))])};
+	{unauthorized, Error} ->
+	    {BadUser, _BadPass} = Auth,
+	    {IPT, _Port} = Request#request.ip,
+	    IPS = ejabberd_config:may_hide_data(misc:ip_to_list(IPT)),
+	    ?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
+			 [BadUser, IPS, Error]),
+	    {401,
+	     [{<<"WWW-Authenticate">>,
+	       <<"basic realm=\"auth error, retry login "
+		 "to ejabberd\"">>}],
+	     ejabberd_web:make_xhtml([?XCT(<<"h1">>,
+					   ?T("Unauthorized"))])}
    end.

 get_auth_admin(Auth, HostHTTP, RPath, Method) ->
@ -227,8 +222,13 @@ get_auth_admin(Auth, HostHTTP, RPath, Method) ->
 	  {HostOfRule, AccessRule} = get_acl_rule(RPath, Method),
 	    try jid:decode(SJID) of
 		#jid{user = <<"">>, server = User} ->
-		    get_auth_account(HostOfRule, AccessRule, User, HostHTTP,
-				     Pass);
+		    case ejabberd_router:is_my_host(HostHTTP) of
+			true ->
+			    get_auth_account(HostOfRule, AccessRule, User, HostHTTP,
+					     Pass);
+			_ ->
+			    {unauthorized, <<"missing-server">>}
+		    end;
 		#jid{user = User, server = Server} ->
 		    get_auth_account(HostOfRule, AccessRule, User, Server,
 				     Pass)