From 809057678b2872062ae052965bcc73dd0413b9b9 Mon Sep 17 00:00:00 2001
From: Mickael Remond
Date: Wed, 30 Mar 2016 15:59:29 +0200
Subject: [PATCH] Better error report when command is not exposed through API
---
 src/mod_http_api.erl | 2 ++
 test/mod_http_api_test.exs | 10 +++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/mod_http_api.erl b/src/mod_http_api.erl
index bbd4a28de..c2b7d1100 100644
--- a/src/mod_http_api.erl
+++ b/src/mod_http_api.erl
@@ -279,6 +279,7 @@ handle2(Call, Auth, Args) when is_atom(Call), is_list(Args) ->
 0 -> {200, <<"OK">>};
 1 -> {500, <<"500 Internal server error">>};
 400 -> {400, <<"400 Bad Request">>};
+ 401 -> {401, <<"401 Unauthorized">>};
 404 -> {404, <<"404 Not found">>};
 Res -> format_command_result(Call, Auth, Res)
 end.
@@ -366,6 +367,7 @@ ejabberd_command(Auth, Cmd, Args, Default) ->
 end,
 case catch ejabberd_commands:execute_command(Access, Auth, Cmd, Args) of
 {'EXIT', _} -> Default;
+ {error, account_unprivileged} -> 401;
 {error, _} -> Default;
 Result -> Result
 end.
diff --git a/test/mod_http_api_test.exs b/test/mod_http_api_test.exs
index adcb47061..cc5aed5a8 100644
--- a/test/mod_http_api_test.exs
+++ b/test/mod_http_api_test.exs
@@ -43,7 +43,15 @@ defmodule ModHttpApiTest do
 {200, _, _} = :mod_http_api.process(["open_cmd"], request)
 end

- test "Call to user, admin, restricted commands without authentication are rejected" do
+ # This related to the commands config file option
+ test "Attempting to access a command that is not exposed as HTTP API returns 401" do
+ :ejabberd_config.add_local_option(:commands, [])
+ request = request(method: :POST, data: "[]")
+ {401, _, _} = :mod_http_api.process(["open_cmd"], request)
+ end
+
+ test "Call to user commands without authentication are rejected" do
+ :ejabberd_config.add_local_option(:commands, [[{:add_commands, [:user_cmd]}]])
 request = request(method: :POST, data: "[]")
 {401, _, _} = :mod_http_api.process(["user_cmd"], request)
 end
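Review bot: In `handle2`, the new `401 ->` clause matches any command result that happens to be the integer 401, not only the sentinel that `ejabberd_command` now returns for `{error, account_unprivileged}` (second hunk of this file), so a command whose real return value is 401 would be answered as Unauthorized instead of reaching `format_command_result`. The existing `0`, `1`, `400` and `404` clauses carry the same in-band ambiguity, but this one decides what a client is told about authorization. Consider a tagged value on both sides, e.g. `{error, account_unprivileged} -> {http_status, 401};` in `ejabberd_command` and `{http_status, 401} -> {401, <<"401 Unauthorized">>};` here, so a status can never be confused with a result. The start of the `case` is outside the hunk, so how the `Default` values reach this match is not visible.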
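Review bot: The added `{error, account_unprivileged} -> 401;` clause in `ejabberd_command` turns the denial into a status code without leaving any server-side record, so repeated refused calls against the API are invisible to whoever reads the logs. A warning that names `Cmd` before returning would give an audit trail, e.g. `{error, account_unprivileged} -> ?WARNING_MSG("API command ~p refused: account_unprivileged", [Cmd]), 401;` (assuming the module includes ejabberd's `logger.hrl`, which is not visible here); `Auth` should stay out of the message because it may carry credentials. Every other `{error, _}` and every `{'EXIT', _}` still collapses into `Default`, so a short comment above the `case` saying which reasons get their own status would help the next reader. The function body starts outside the hunk.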
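Review bot: Both new tests call `:ejabberd_config.add_local_option(:commands, ...)` and never restore the previous value, so the `:commands` setting leaks into whichever test runs next; ExUnit shuffles test order by default, so a test that expects an exposed command (such as the `open_cmd` call returning 200 at the top of the hunk) could pass or fail depending on the seed if it relies on configuration set elsewhere. Setting the option in a `setup` block, or registering an `on_exit` callback that puts the original value back, keeps each case independent. The renamed test now only claims to cover user commands, so unauthenticated calls to admin and restricted commands appear to have no assertion in the visible part of the file. The new comment would read better as `# This is related to the commands config file option`. The module continues outside the hunk.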