Better error report when command is not exposed through API

2024-11-20 16:15:59 +01:00 · 2016-03-30 15:59:29 +02:00 · 2016-03-30 15:59:29 +02:00 · 809057678b
commit 809057678b
parent 36ac1cd6c7
2 changed files with 11 additions and 1 deletions
--- a/src/mod_http_api.erl
+++ b/src/mod_http_api.erl
@ -279,6 +279,7 @@ handle2(Call, Auth, Args) when is_atom(Call), is_list(Args) ->
        0 -> {200, <<"OK">>};
        1 -> {500, <<"500 Internal server error">>};
        400 -> {400, <<"400 Bad Request">>};
+        401 -> {401, <<"401 Unauthorized">>};
        404 -> {404, <<"404 Not found">>};
        Res -> format_command_result(Call, Auth, Res)
    end.
@ -366,6 +367,7 @@ ejabberd_command(Auth, Cmd, Args, Default) ->
             end,
    case catch ejabberd_commands:execute_command(Access, Auth, Cmd, Args) of
        {'EXIT', _} -> Default;
+        {error, account_unprivileged} -> 401;
        {error, _} -> Default;
        Result -> Result
    end.
--- a/test/mod_http_api_test.exs
+++ b/test/mod_http_api_test.exs
@ -43,7 +43,15 @@ defmodule ModHttpApiTest do
    {200, _, _} = :mod_http_api.process(["open_cmd"], request)
  end

-  test "Call to user, admin, restricted commands without authentication are rejected" do
+  # This related to the commands config file option
+  test "Attempting to access a command that is not exposed as HTTP API returns 401" do
+    :ejabberd_config.add_local_option(:commands, [])
+    request = request(method: :POST, data: "[]")
+    {401, _, _} = :mod_http_api.process(["open_cmd"], request)
+  end
+
+  test "Call to user commands without authentication are rejected" do
+    :ejabberd_config.add_local_option(:commands, [[{:add_commands, [:user_cmd]}]])
    request = request(method: :POST, data: "[]")
    {401, _, _} = :mod_http_api.process(["user_cmd"], request)
  end