Merge lastest commits from master

2024-11-20 16:15:59 +01:00 · 2016-03-31 15:37:21 +02:00 · 2016-03-31 15:37:21 +02:00 · 7988e2e350
commit 7988e2e350
parent dc0ca51ef1 d35c5ebde5
5 changed files with 44 additions and 17 deletions
--- a/include/ejabberd_http.hrl
+++ b/include/ejabberd_http.hrl
@ -23,8 +23,7 @@
 	 path = []         :: [binary()],
 	 q = []            :: [{binary() | nokey, binary()}],
 	 us = {<<>>, <<>>} :: {binary(), binary()},
-	 auth              :: {binary(), binary()} |
-	 {auth_jid, {binary(), binary()}, jlib:jid()},
+	 auth              :: {binary(), binary()} | {oauth, binary(), []} | undefined,
 	 lang = <<"">>     :: binary(),
 	 data = <<"">>     :: binary(),
 	 ip                :: {inet:ip_address(), inet:port_number()},
--- a/src/ejabberd_commands.erl
+++ b/src/ejabberd_commands.erl
@ -218,6 +218,7 @@
 	 get_command_format/1,
 	 get_command_format/2,
 	 get_command_format/3,
+         get_command_policy/1,
 	 get_command_definition/1,
 	 get_command_definition/2,
 	 get_tags_commands/0,
@ -364,6 +365,17 @@ get_command_format(Name, Auth, Version) ->
 	    {Args, Result}
    end.

+-spec get_command_policy(atom()) -> {ok, open|user|admin|restricted} | {error, command_not_found}.
+
+%% @doc return command policy.
+get_command_policy(Name) ->
+    case get_command_definition(Name) of
+        #ejabberd_commands{policy = Policy} ->
+            {ok, Policy};
+        command_not_found ->
+            {error, command_not_found}
+    end.
+
 -spec get_command_definition(atom()) -> ejabberd_commands().

 %% @doc Get the definition record of a command.
--- a/src/ejabberd_http.erl
+++ b/src/ejabberd_http.erl
@ -753,6 +753,7 @@ code_to_phrase(503) -> <<"Service Unavailable">>;
 code_to_phrase(504) -> <<"Gateway Timeout">>;
 code_to_phrase(505) -> <<"HTTP Version Not Supported">>.

+-spec parse_auth(binary()) -> {binary(), binary()} | {oauth, binary(), []} | undefined.
 parse_auth(<<"Basic ", Auth64/binary>>) ->
    Auth = jlib:decode_base64(Auth64),
    %% Auth should be a string with the format: user@server:password
--- a/src/mod_http_api.erl
+++ b/src/mod_http_api.erl
@ -123,7 +123,6 @@ start(_Host, _Opts) ->
 stop(_Host) ->
    ok.

-
 %% ----------
 %% basic auth
 %% ----------
@ -131,12 +130,13 @@ stop(_Host) ->
 check_permissions(Request, Command) ->
    case catch binary_to_existing_atom(Command, utf8) of
        Call when is_atom(Call) ->
-            check_permissions2(Request, Call);
+            {ok, CommandPolicy} = ejabberd_commands:get_command_policy(Call),
+            check_permissions2(Request, Call, CommandPolicy);
        _ ->
            unauthorized_response()
    end.

-check_permissions2(#request{auth = HTTPAuth, headers = Headers}, Call)
+check_permissions2(#request{auth = HTTPAuth, headers = Headers}, Call, _)
  when HTTPAuth /= undefined ->
    Admin =
        case lists:keysearch(<<"X-Admin">>, 1, Headers) of
@ -169,7 +169,9 @@ check_permissions2(#request{auth = HTTPAuth, headers = Headers}, Call)
        {ok, A} -> {allowed, Call, A};
        _ -> unauthorized_response()
    end;
-check_permissions2(#request{ip={IP, _Port}}, Call) ->
+check_permissions2(_Request, Call, open) ->
+    {allowed, Call, noauth};
+check_permissions2(#request{ip={IP, _Port}}, Call, _Policy) ->
    Access = gen_mod:get_module_opt(global, ?MODULE, admin_ip_access,
                                    mod_opt_type(admin_ip_access),
                                    none),
@ -189,7 +191,9 @@ check_permissions2(#request{ip={IP, _Port}}, Call) ->
        _E ->
 	    ?DEBUG("Unauthorized: ~p", [_E]),
            unauthorized_response()
-    end.
+    end;
+check_permissions2(_Request, _Call, _Policy) ->
+    unauthorized_response().

 oauth_check_token(Scope, Token) when is_atom(Scope) ->
    oauth_check_token(atom_to_binary(Scope, utf8), Token);
@ -218,7 +222,8 @@ process([Call], #request{method = 'POST', data = Data, ip = IP} = Req) ->
            {allowed, Cmd, Auth} ->
                {Code, Result} = handle(Cmd, Auth, Args, Version),
                json_response(Code, jiffy:encode(Result));
-            ErrorResponse -> %% Should we reply 403 ?
+            %% Warning: check_permission direcly formats 401 reply if not authorized
+            ErrorResponse ->
                ErrorResponse
        end
    catch _:{error,{_,invalid_json}} = _Err ->
@ -240,6 +245,7 @@ process([Call], #request{method = 'GET', q = Data, ip = IP} = Req) ->
            {allowed, Cmd, Auth} ->
                {Code, Result} = handle(Cmd, Auth, Args, Version),
                json_response(Code, jiffy:encode(Result));
+            %% Warning: check_permission direcly formats 401 reply if not authorized
            ErrorResponse ->
                ErrorResponse
        end
@ -328,13 +334,7 @@ handle(Call, Auth, Args, Version) when is_atom(Call), is_list(Args) ->
 handle2(Call, Auth, Args, Version) when is_atom(Call), is_list(Args) ->
    {ArgsF, _ResultF} = ejabberd_commands:get_command_format(Call, Auth, Version),
    ArgsFormatted = format_args(Args, ArgsF),
-    case ejabberd_commands:execute_command(undefined, Auth, 
-					   Call, ArgsFormatted, Version) of
-	{error, Error} ->
-	    throw(Error);
-	Res ->
-	    format_command_result(Call, Auth, Res, Version)
-    end.
+    ejabberd_command(Auth, Call, ArgsFormatted, Version).

 get_elem_delete(A, L) ->
    case proplists:get_all_values(A, L) of
@ -414,6 +414,17 @@ process_unicode_codepoints(Str) ->
 match(Args, Spec) ->
    [{Key, proplists:get_value(Key, Args, Default)} || {Key, Default} <- Spec].

+ejabberd_command(Auth, Cmd, Args, Version) ->
+    Access = case Auth of
+                 admin -> [];
+                 _ -> undefined
+             end,
+    case ejabberd_commands:execute_command(Access, Auth, Cmd, Args, Version) of
+        {error, Error} ->
+            throw(Error);
+        Res ->
+            format_command_result(Cmd, Auth, Res, Version)
+    end.

 format_command_result(Cmd, Auth, Result, Version) ->
    {_, ResultFormat} = ejabberd_commands:get_command_format(Cmd, Auth, Version),
@ -486,7 +497,9 @@ json_response(Code, Body) when is_integer(Code) ->

 log(Call, Args, {Addr, Port}) ->
    AddrS = jlib:ip_to_list({Addr, Port}),
-    ?INFO_MSG("API call ~s ~p from ~s:~p", [Call, Args, AddrS, Port]).
+    ?INFO_MSG("API call ~s ~p from ~s:~p", [Call, Args, AddrS, Port]);
+log(Call, Args, IP) ->
+    ?INFO_MSG("API call ~s ~p (~p)", [Call, Args, IP]).

 mod_opt_type(admin_ip_access) ->
    fun(Access) when is_atom(Access) -> Access end;
--- a/test/elixir_SUITE.erl
+++ b/test/elixir_SUITE.erl
@ -66,7 +66,9 @@ undefined_function(Module, Func, Args) ->
    error_handler:undefined_function(Module, Func,Args).

 run_elixir_test(Func) ->
-    'Elixir.ExUnit':start([]),
+    %% Elixir tests can be tagged as follow to be ignored (place before test start)
+    %% @tag pending: true
+    'Elixir.ExUnit':start([{exclude, [{pending, true}]}]),
    filelib:fold_files(test_dir(), ".*\\.exs\$", true,
 		       fun (File, N) ->
 			       'Elixir.Code':require_file(list_to_binary(File)),