mirror of
https://github.com/processone/ejabberd.git
synced 2024-11-22 16:20:52 +01:00
Merge pull request #1044 from processone/http-api
Add ability to call open ejabberd commands through ReST API
This commit is contained in:
commit
7c2998a55d
@ -23,8 +23,7 @@
|
||||
path = [] :: [binary()],
|
||||
q = [] :: [{binary() | nokey, binary()}],
|
||||
us = {<<>>, <<>>} :: {binary(), binary()},
|
||||
auth :: {binary(), binary()} |
|
||||
{auth_jid, {binary(), binary()}, jlib:jid()},
|
||||
auth :: {binary(), binary()} | {oauth, binary(), []} | undefined,
|
||||
lang = <<"">> :: binary(),
|
||||
data = <<"">> :: binary(),
|
||||
ip :: {inet:ip_address(), inet:port_number()},
|
||||
|
@ -212,6 +212,7 @@
|
||||
list_commands/0,
|
||||
get_command_format/1,
|
||||
get_command_format/2,
|
||||
get_command_policy/1,
|
||||
get_command_definition/1,
|
||||
get_tags_commands/0,
|
||||
get_commands/0,
|
||||
@ -338,6 +339,17 @@ get_command_format(Name, Auth) ->
|
||||
{Args, Result}
|
||||
end.
|
||||
|
||||
-spec get_command_policy(atom()) -> {ok, open|user|admin|restricted} | {error, command_not_found}.
|
||||
|
||||
%% @doc return command policy.
|
||||
get_command_policy(Name) ->
|
||||
case get_command_definition(Name) of
|
||||
#ejabberd_commands{policy = Policy} ->
|
||||
{ok, Policy};
|
||||
command_not_found ->
|
||||
{error, command_not_found}
|
||||
end.
|
||||
|
||||
-spec get_command_definition(atom()) -> ejabberd_commands() | command_not_found.
|
||||
|
||||
%% @doc Get the definition record of a command.
|
||||
|
@ -753,6 +753,7 @@ code_to_phrase(503) -> <<"Service Unavailable">>;
|
||||
code_to_phrase(504) -> <<"Gateway Timeout">>;
|
||||
code_to_phrase(505) -> <<"HTTP Version Not Supported">>.
|
||||
|
||||
-spec parse_auth(binary()) -> {binary(), binary()} | {oauth, binary(), []} | undefined.
|
||||
parse_auth(<<"Basic ", Auth64/binary>>) ->
|
||||
Auth = jlib:decode_base64(Auth64),
|
||||
%% Auth should be a string with the format: user@server:password
|
||||
|
@ -116,7 +116,6 @@ start(_Host, _Opts) ->
|
||||
stop(_Host) ->
|
||||
ok.
|
||||
|
||||
|
||||
%% ----------
|
||||
%% basic auth
|
||||
%% ----------
|
||||
@ -124,12 +123,13 @@ stop(_Host) ->
|
||||
check_permissions(Request, Command) ->
|
||||
case catch binary_to_existing_atom(Command, utf8) of
|
||||
Call when is_atom(Call) ->
|
||||
check_permissions2(Request, Call);
|
||||
{ok, CommandPolicy} = ejabberd_commands:get_command_policy(Call),
|
||||
check_permissions2(Request, Call, CommandPolicy);
|
||||
_ ->
|
||||
unauthorized_response()
|
||||
end.
|
||||
|
||||
check_permissions2(#request{auth = HTTPAuth, headers = Headers}, Call)
|
||||
check_permissions2(#request{auth = HTTPAuth, headers = Headers}, Call, _)
|
||||
when HTTPAuth /= undefined ->
|
||||
Admin =
|
||||
case lists:keysearch(<<"X-Admin">>, 1, Headers) of
|
||||
@ -162,7 +162,9 @@ check_permissions2(#request{auth = HTTPAuth, headers = Headers}, Call)
|
||||
{ok, A} -> {allowed, Call, A};
|
||||
_ -> unauthorized_response()
|
||||
end;
|
||||
check_permissions2(#request{ip={IP, _Port}}, Call) ->
|
||||
check_permissions2(_Request, Call, open) ->
|
||||
{allowed, Call, noauth};
|
||||
check_permissions2(#request{ip={IP, _Port}}, Call, _Policy) ->
|
||||
Access = gen_mod:get_module_opt(global, ?MODULE, admin_ip_access,
|
||||
mod_opt_type(admin_ip_access),
|
||||
none),
|
||||
@ -181,7 +183,9 @@ check_permissions2(#request{ip={IP, _Port}}, Call) ->
|
||||
end;
|
||||
_ ->
|
||||
unauthorized_response()
|
||||
end.
|
||||
end;
|
||||
check_permissions2(_Request, _Call, _Policy) ->
|
||||
unauthorized_response().
|
||||
|
||||
oauth_check_token(Scope, Token) when is_atom(Scope) ->
|
||||
oauth_check_token(atom_to_binary(Scope, utf8), Token);
|
||||
@ -207,7 +211,8 @@ process([Call], #request{method = 'POST', data = Data, ip = IP} = Req) ->
|
||||
{allowed, Cmd, Auth} ->
|
||||
{Code, Result} = handle(Cmd, Auth, Args),
|
||||
json_response(Code, jiffy:encode(Result));
|
||||
ErrorResponse -> %% Should we reply 403 ?
|
||||
%% Warning: check_permission direcly formats 401 reply if not authorized
|
||||
ErrorResponse ->
|
||||
ErrorResponse
|
||||
end
|
||||
catch _:Error ->
|
||||
@ -225,6 +230,7 @@ process([Call], #request{method = 'GET', q = Data, ip = IP} = Req) ->
|
||||
{allowed, Cmd, Auth} ->
|
||||
{Code, Result} = handle(Cmd, Auth, Args),
|
||||
json_response(Code, jiffy:encode(Result));
|
||||
%% Warning: check_permission direcly formats 401 reply if not authorized
|
||||
ErrorResponse ->
|
||||
ErrorResponse
|
||||
end
|
||||
@ -273,6 +279,7 @@ handle2(Call, Auth, Args) when is_atom(Call), is_list(Args) ->
|
||||
0 -> {200, <<"OK">>};
|
||||
1 -> {500, <<"500 Internal server error">>};
|
||||
400 -> {400, <<"400 Bad Request">>};
|
||||
401 -> {401, <<"401 Unauthorized">>};
|
||||
404 -> {404, <<"404 Not found">>};
|
||||
Res -> format_command_result(Call, Auth, Res)
|
||||
end.
|
||||
@ -360,6 +367,7 @@ ejabberd_command(Auth, Cmd, Args, Default) ->
|
||||
end,
|
||||
case catch ejabberd_commands:execute_command(Access, Auth, Cmd, Args) of
|
||||
{'EXIT', _} -> Default;
|
||||
{error, account_unprivileged} -> 401;
|
||||
{error, _} -> Default;
|
||||
Result -> Result
|
||||
end.
|
||||
@ -434,7 +442,9 @@ json_response(Code, Body) when is_integer(Code) ->
|
||||
|
||||
log(Call, Args, {Addr, Port}) ->
|
||||
AddrS = jlib:ip_to_list({Addr, Port}),
|
||||
?INFO_MSG("API call ~s ~p from ~s:~p", [Call, Args, AddrS, Port]).
|
||||
?INFO_MSG("API call ~s ~p from ~s:~p", [Call, Args, AddrS, Port]);
|
||||
log(Call, Args, IP) ->
|
||||
?INFO_MSG("API call ~s ~p (~p)", [Call, Args, IP]).
|
||||
|
||||
mod_opt_type(admin_ip_access) ->
|
||||
fun(Access) when is_atom(Access) -> Access end;
|
||||
|
@ -36,6 +36,10 @@ defmodule EjabberdCommandsTest do
|
||||
assert Enum.member?(commands, {:test_user, [], "Test user"})
|
||||
end
|
||||
|
||||
# TODO Test that we can add command to list of expose commands
|
||||
# This can be done with:
|
||||
# ejabberd_config:add_local_option(commands, [[{add_commands, [open_cmd]}]]).
|
||||
|
||||
# test "Check that a user can use a user command" do
|
||||
# [Command] = ets:lookup(ejabberd_commands, test_user),
|
||||
# AccessCommands = ejabberd_commands:get_access_commands(undefined),
|
||||
|
@ -65,7 +65,9 @@ undefined_function(Module, Func, Args) ->
|
||||
error_handler:undefined_function(Module, Func,Args).
|
||||
|
||||
run_elixir_test(Func) ->
|
||||
'Elixir.ExUnit':start([]),
|
||||
%% Elixir tests can be tagged as follow to be ignored (place before test start)
|
||||
%% @tag pending: true
|
||||
'Elixir.ExUnit':start([{exclude, [{pending, true}]}]),
|
||||
'Elixir.Code':load_file(list_to_binary(filename:join(test_dir(), atom_to_list(Func)))),
|
||||
%% I did not use map syntax, so that this file can still be build under R16
|
||||
ResultMap = 'Elixir.ExUnit':run(),
|
||||
|
88
test/mod_http_api_test.exs
Normal file
88
test/mod_http_api_test.exs
Normal file
@ -0,0 +1,88 @@
|
||||
# ----------------------------------------------------------------------
|
||||
#
|
||||
# ejabberd, Copyright (C) 2002-2016 ProcessOne
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation; either version 2 of the
|
||||
# License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along
|
||||
# with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
#
|
||||
# ----------------------------------------------------------------------
|
||||
|
||||
defmodule ModHttpApiTest do
|
||||
@author "mremond@process-one.net"
|
||||
|
||||
use ExUnit.Case, async: true
|
||||
|
||||
require Record
|
||||
Record.defrecord :request, Record.extract(:request, from_lib: "ejabberd/include/ejabberd_http.hrl")
|
||||
Record.defrecord :ejabberd_commands, Record.extract(:ejabberd_commands, from_lib: "ejabberd/include/ejabberd_commands.hrl")
|
||||
|
||||
setup_all do
|
||||
:ok = :mnesia.start
|
||||
:ok = :ejabberd_config.start(["localhost"], [])
|
||||
|
||||
:ok = :ejabberd_commands.init
|
||||
|
||||
:ok = :ejabberd_commands.register_commands(cmds)
|
||||
on_exit fn -> unregister_commands(cmds) end
|
||||
end
|
||||
|
||||
test "We can call open commands without authentication" do
|
||||
:ejabberd_config.add_local_option(:commands, [[{:add_commands, [:open_cmd]}]])
|
||||
request = request(method: :POST, data: "[]")
|
||||
{200, _, _} = :mod_http_api.process(["open_cmd"], request)
|
||||
end
|
||||
|
||||
# This related to the commands config file option
|
||||
test "Attempting to access a command that is not exposed as HTTP API returns 401" do
|
||||
:ejabberd_config.add_local_option(:commands, [])
|
||||
request = request(method: :POST, data: "[]")
|
||||
{401, _, _} = :mod_http_api.process(["open_cmd"], request)
|
||||
end
|
||||
|
||||
test "Call to user commands without authentication are rejected" do
|
||||
:ejabberd_config.add_local_option(:commands, [[{:add_commands, [:user_cmd]}]])
|
||||
request = request(method: :POST, data: "[]")
|
||||
{401, _, _} = :mod_http_api.process(["user_cmd"], request)
|
||||
end
|
||||
|
||||
# Define a set of test commands that we expose through API
|
||||
defp cmds do
|
||||
# TODO Refactor
|
||||
[ejabberd_commands(name: :open_cmd, tags: [:test],
|
||||
policy: :open,
|
||||
module: __MODULE__,
|
||||
function: :open_cmd_fun,
|
||||
args: [],
|
||||
result: {:res, :rescode}),
|
||||
ejabberd_commands(name: :user_cmd, tags: [:test],
|
||||
policy: :user,
|
||||
module: __MODULE__,
|
||||
function: :user_cmd_fun,
|
||||
args: [],
|
||||
result: {:res, :rescode})
|
||||
]
|
||||
end
|
||||
|
||||
def open_cmd_fun, do: :ok
|
||||
def user_cmd_fun, do: :ok
|
||||
|
||||
defp unregister_commands(commands) do
|
||||
try do
|
||||
:ejabberd_commands.unregister_commands(commands)
|
||||
catch
|
||||
_,_ -> :ok
|
||||
end
|
||||
end
|
||||
|
||||
end
|
Loading…
Reference in New Issue
Block a user