Verify http host in web admin only if authentication is missing host

This should allow access to web admin through ip address or just served from domain not defined in ejabberd hosts
2024-06-16 22:05:29 +02:00 · 2019-10-09 10:31:02 +02:00 · 2019-10-09 10:31:02 +02:00 · 8d571adca8
commit 8d571adca8
parent 584a4b0a2b
1 changed files with 32 additions and 32 deletions
--- a/src/ejabberd_web_admin.erl
+++ b/src/ejabberd_web_admin.erl
@ -189,8 +189,6 @@ process(RPath,
 	#request{auth = Auth, lang = Lang, host = HostHTTP,
 		 method = Method} =
 	    Request) ->
-    case ejabberd_router:is_my_host(HostHTTP) of
-	true ->
    case get_auth_admin(Auth, HostHTTP, RPath, Method) of
 	{ok, {User, Server}} ->
 	    AJID = get_jid(Auth, HostHTTP, Method),
@ -216,9 +214,6 @@ process(RPath,
 		 "to ejabberd\"">>}],
 	     ejabberd_web:make_xhtml([?XCT(<<"h1">>,
 					   ?T("Unauthorized"))])}
-	    end;
-	false ->
-	    ejabberd_web:error(not_found)
    end.

 get_auth_admin(Auth, HostHTTP, RPath, Method) ->
@ -227,8 +222,13 @@ get_auth_admin(Auth, HostHTTP, RPath, Method) ->
 	  {HostOfRule, AccessRule} = get_acl_rule(RPath, Method),
 	    try jid:decode(SJID) of
 		#jid{user = <<"">>, server = User} ->
+		    case ejabberd_router:is_my_host(HostHTTP) of
+			true ->
 			    get_auth_account(HostOfRule, AccessRule, User, HostHTTP,
 					     Pass);
+			_ ->
+			    {unauthorized, <<"missing-server">>}
+		    end;
 		#jid{user = User, server = Server} ->
 		    get_auth_account(HostOfRule, AccessRule, User, Server,
 				     Pass)