Verify http host in web admin only if authentication is missing host
This should allow access to the web admin through an IP address, or when it is served from a domain that is not defined in the ejabberd hosts.
parent
584a4b0a2b
commit
8d571adca8
@ -189,36 +189,31 @@ process(RPath,
|
||||
#request{auth = Auth, lang = Lang, host = HostHTTP,
|
||||
method = Method} =
|
||||
Request) ->
|
||||
case ejabberd_router:is_my_host(HostHTTP) of
|
||||
true ->
|
||||
case get_auth_admin(Auth, HostHTTP, RPath, Method) of
|
||||
{ok, {User, Server}} ->
|
||||
AJID = get_jid(Auth, HostHTTP, Method),
|
||||
process_admin(global,
|
||||
Request#request{path = RPath,
|
||||
us = {User, Server}},
|
||||
AJID);
|
||||
{unauthorized, <<"no-auth-provided">>} ->
|
||||
{401,
|
||||
[{<<"WWW-Authenticate">>,
|
||||
<<"basic realm=\"ejabberd\"">>}],
|
||||
ejabberd_web:make_xhtml([?XCT(<<"h1">>,
|
||||
?T("Unauthorized"))])};
|
||||
{unauthorized, Error} ->
|
||||
{BadUser, _BadPass} = Auth,
|
||||
{IPT, _Port} = Request#request.ip,
|
||||
IPS = ejabberd_config:may_hide_data(misc:ip_to_list(IPT)),
|
||||
?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
|
||||
[BadUser, IPS, Error]),
|
||||
{401,
|
||||
[{<<"WWW-Authenticate">>,
|
||||
<<"basic realm=\"auth error, retry login "
|
||||
"to ejabberd\"">>}],
|
||||
ejabberd_web:make_xhtml([?XCT(<<"h1">>,
|
||||
?T("Unauthorized"))])}
|
||||
end;
|
||||
false ->
|
||||
ejabberd_web:error(not_found)
|
||||
case get_auth_admin(Auth, HostHTTP, RPath, Method) of
|
||||
{ok, {User, Server}} ->
|
||||
AJID = get_jid(Auth, HostHTTP, Method),
|
||||
process_admin(global,
|
||||
Request#request{path = RPath,
|
||||
us = {User, Server}},
|
||||
AJID);
|
||||
{unauthorized, <<"no-auth-provided">>} ->
|
||||
{401,
|
||||
[{<<"WWW-Authenticate">>,
|
||||
<<"basic realm=\"ejabberd\"">>}],
|
||||
ejabberd_web:make_xhtml([?XCT(<<"h1">>,
|
||||
?T("Unauthorized"))])};
|
||||
{unauthorized, Error} ->
|
||||
{BadUser, _BadPass} = Auth,
|
||||
{IPT, _Port} = Request#request.ip,
|
||||
IPS = ejabberd_config:may_hide_data(misc:ip_to_list(IPT)),
|
||||
?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
|
||||
[BadUser, IPS, Error]),
|
||||
{401,
|
||||
[{<<"WWW-Authenticate">>,
|
||||
<<"basic realm=\"auth error, retry login "
|
||||
"to ejabberd\"">>}],
|
||||
ejabberd_web:make_xhtml([?XCT(<<"h1">>,
|
||||
?T("Unauthorized"))])}
|
||||
end.
|
||||
|
||||
get_auth_admin(Auth, HostHTTP, RPath, Method) ->
|
||||
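Review bot: With the `ejabberd_router:is_my_host(HostHTTP)` guard removed from `process/2`, `HostHTTP` reaches `get_jid(Auth, HostHTTP, Method)` and `process_admin` (inside `Request`) unchecked whenever the login carries its own server part, so everything after this point has to treat the request host as client-supplied. Nothing in the new clause says so; I would add a comment above the `case`, e.g. `%% HostHTTP comes from the request and may not be a configured host; it is only checked in get_auth_admin/4 when the login has no server part`. Requests for unknown hosts now also receive the 401 challenge instead of `ejabberd_web:error(not_found)`, so the admin login is visible on every name or address the listener answers on, and exposure is then governed by how the listener is bound and which access rules apply. How `process_admin` uses `Request#request.host` is outside this hunk, so whether any page builds links or selects a virtual host from it needs to be checked there.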
@ -227,8 +222,13 @@ get_auth_admin(Auth, HostHTTP, RPath, Method) ->
|
||||
{HostOfRule, AccessRule} = get_acl_rule(RPath, Method),
|
||||
try jid:decode(SJID) of
|
||||
#jid{user = <<"">>, server = User} ->
|
||||
get_auth_account(HostOfRule, AccessRule, User, HostHTTP,
|
||||
Pass);
|
||||
case ejabberd_router:is_my_host(HostHTTP) of
|
||||
true ->
|
||||
get_auth_account(HostOfRule, AccessRule, User, HostHTTP,
|
||||
Pass);
|
||||
_ ->
|
||||
{unauthorized, <<"missing-server">>}
|
||||
end;
|
||||
#jid{user = User, server = Server} ->
|
||||
get_auth_account(HostOfRule, AccessRule, User, Server,
|
||||
Pass)
|
||||
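Review bot: In the new `case ejabberd_router:is_my_host(HostHTTP) of`, the second clause is `_ ->` although the code this commit removes matched the same call as `true`/`false`; writing `false ->` keeps an unexpected return value from being silently turned into `{unauthorized, <<"missing-server">>}`. That new reason also lands in the generic `{unauthorized, Error}` clause of `process/2`, which logs a warning and answers with the "auth error, retry login" realm, so a user who only omitted the host gets no hint that `user@host` is required when connecting by IP address; a dedicated clause or a clearer realm text would help. In the `#jid{user = User, server = Server}` clause the server comes only from the credentials and `HostHTTP` is not consulted; presumably `get_auth_account` rejects servers that are not local, but that is outside the hunk and worth confirming. The `try` continues past the end of the hunk.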
|