Chapril/xmpp.chapril.org-ejabberd
25
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-11-20 16:15:59 +01:00
Code Releases Activity

HTTP ReST API now supports 'open' ejabberd commands

Browse Source
This commit is contained in:
Mickael Remond 2016-03-30 14:23:09 +02:00
parent 6f25122f8c
commit ead83b008c
4 changed files with 109 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/ejabberd_commands.erl
View File

@ -212,6 +212,7 @@
list_commands/0, list_commands/0,
get_command_format/1, get_command_format/1,
get_command_format/2, get_command_format/2,
get_command_policy/1,
get_command_definition/1, get_command_definition/1,
get_tags_commands/0, get_tags_commands/0,
get_commands/0, get_commands/0,
@ -338,6 +339,17 @@ get_command_format(Name, Auth) ->
{Args, Result} {Args, Result}
end. end.
-spec get_command_policy(atom()) -> {ok, open|user|admin|restricted} | {error, command_not_found}.
%% @doc return command policy.
get_command_policy(Name) ->
case get_command_definition(Name) of
#ejabberd_commands{policy = Policy} ->
{ok, Policy};
command_not_found ->
{error, command_not_found}
end.
-spec get_command_definition(atom()) -> ejabberd_commands() | command_not_found. -spec get_command_definition(atom()) -> ejabberd_commands() | command_not_found.
%% @doc Get the definition record of a command. %% @doc Get the definition record of a command.

18
src/mod_http_api.erl
View File

@ -116,7 +116,6 @@ start(_Host, _Opts) ->
stop(_Host) -> stop(_Host) ->
ok. ok.
%% ---------- %% ----------
%% basic auth %% basic auth
%% ---------- %% ----------
@ -124,12 +123,13 @@ stop(_Host) ->
check_permissions(Request, Command) -> check_permissions(Request, Command) ->
case catch binary_to_existing_atom(Command, utf8) of case catch binary_to_existing_atom(Command, utf8) of
Call when is_atom(Call) -> Call when is_atom(Call) ->
check_permissions2(Request, Call); {ok, CommandPolicy} = ejabberd_commands:get_command_policy(Call),
check_permissions2(Request, Call, CommandPolicy);
_ -> _ ->
unauthorized_response() unauthorized_response()
end. end.
check_permissions2(#request{auth = HTTPAuth, headers = Headers}, Call) check_permissions2(#request{auth = HTTPAuth, headers = Headers}, Call, _)
when HTTPAuth /= undefined -> when HTTPAuth /= undefined ->
Admin = Admin =
case lists:keysearch(<<"X-Admin">>, 1, Headers) of case lists:keysearch(<<"X-Admin">>, 1, Headers) of
@ -162,7 +162,9 @@ check_permissions2(#request{auth = HTTPAuth, headers = Headers}, Call)
{ok, A} -> {allowed, Call, A}; {ok, A} -> {allowed, Call, A};
_ -> unauthorized_response() _ -> unauthorized_response()
end; end;
check_permissions2(#request{ip={IP, _Port}}, Call) -> check_permissions2(_Request, Call, open) ->
{allowed, Call, noauth};
check_permissions2(#request{ip={IP, _Port}}, Call, _Policy) ->
Access = gen_mod:get_module_opt(global, ?MODULE, admin_ip_access, Access = gen_mod:get_module_opt(global, ?MODULE, admin_ip_access,
mod_opt_type(admin_ip_access), mod_opt_type(admin_ip_access),
none), none),
@ -207,7 +209,8 @@ process([Call], #request{method = 'POST', data = Data, ip = IP} = Req) ->
{allowed, Cmd, Auth} -> {allowed, Cmd, Auth} ->
{Code, Result} = handle(Cmd, Auth, Args), {Code, Result} = handle(Cmd, Auth, Args),
json_response(Code, jiffy:encode(Result)); json_response(Code, jiffy:encode(Result));
ErrorResponse -> %% Should we reply 403 ? %% Warning: check_permission direcly formats 401 reply if not authorized
ErrorResponse ->
ErrorResponse ErrorResponse
end end
catch _:Error -> catch _:Error ->
@ -225,6 +228,7 @@ process([Call], #request{method = 'GET', q = Data, ip = IP} = Req) ->
{allowed, Cmd, Auth} -> {allowed, Cmd, Auth} ->
{Code, Result} = handle(Cmd, Auth, Args), {Code, Result} = handle(Cmd, Auth, Args),
json_response(Code, jiffy:encode(Result)); json_response(Code, jiffy:encode(Result));
%% Warning: check_permission direcly formats 401 reply if not authorized
ErrorResponse -> ErrorResponse ->
ErrorResponse ErrorResponse
end end
@ -434,7 +438,9 @@ json_response(Code, Body) when is_integer(Code) ->
log(Call, Args, {Addr, Port}) -> log(Call, Args, {Addr, Port}) ->
AddrS = jlib:ip_to_list({Addr, Port}), AddrS = jlib:ip_to_list({Addr, Port}),
?INFO_MSG("API call ~s ~p from ~s:~p", [Call, Args, AddrS, Port]). ?INFO_MSG("API call ~s ~p from ~s:~p", [Call, Args, AddrS, Port]);
log(Call, Args, IP) ->
?INFO_MSG("API call ~s ~p (~p)", [Call, Args, IP]).
mod_opt_type(admin_ip_access) -> mod_opt_type(admin_ip_access) ->
fun(Access) when is_atom(Access) -> Access end; fun(Access) when is_atom(Access) -> Access end;

4
test/ejabberd_commands_test.exs
View File

@ -36,6 +36,10 @@ defmodule EjabberdCommandsTest do
assert Enum.member?(commands, {:test_user, [], "Test user"}) assert Enum.member?(commands, {:test_user, [], "Test user"})
end end
# TODO Test that we can add command to list of expose commands
# This can be done with:
# ejabberd_config:add_local_option(commands, [[{add_commands, [open_cmd]}]]).
# test "Check that a user can use a user command" do # test "Check that a user can use a user command" do
# [Command] = ets:lookup(ejabberd_commands, test_user), # [Command] = ets:lookup(ejabberd_commands, test_user),
# AccessCommands = ejabberd_commands:get_access_commands(undefined), # AccessCommands = ejabberd_commands:get_access_commands(undefined),

81
test/mod_http_api_test.exs Normal file
View File

@ -0,0 +1,81 @@
# ----------------------------------------------------------------------
#
# ejabberd, Copyright (C) 2002-2016 ProcessOne
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# ----------------------------------------------------------------------
defmodule ModHttpApiTest do
@author "mremond@process-one.net"
use ExUnit.Case, async: true
require Record
Record.defrecord :request, Record.extract(:request, from_lib: "ejabberd/include/ejabberd_http.hrl")
Record.defrecord :ejabberd_commands, Record.extract(:ejabberd_commands, from_lib: "ejabberd/include/ejabberd_commands.hrl")
setup_all do
:ok = :mnesia.start
:ok = :ejabberd_config.start(["localhost"], [])
:ok = :ejabberd_commands.init
:ok = :ejabberd_commands.register_commands(cmds)
on_exit fn -> unregister_commands(cmds) end
end
test "We can call open commands without authentication" do
:ejabberd_config.add_local_option(:commands, [[{:add_commands, [:open_cmd]}]])
request = request(method: :POST, data: "[]")
{200, _, _} = :mod_http_api.process(["open_cmd"], request)
end
@tag pending: true
test "Call to user, admin, restricted commands without authentication are rejected" do
request = request(method: :POST, data: "[]")
{401, _, _} = :mod_http_api.process(["user_cmd"], request)
end
# Define a set of test commands that we expose through API
defp cmds do
# TODO Refactor
[ejabberd_commands(name: :open_cmd, tags: [:test],
policy: :open,
module: __MODULE__,
function: :open_cmd_fun,
args: [],
result: {:res, :rescode}),
ejabberd_commands(name: :user_cmd, tags: [:test],
policy: :user,
module: __MODULE__,
function: :user_cmd_fun,
args: [],
result: {:res, :rescode})
]
end
def open_cmd_fun, do: :ok
def user_cmd_fun, do: :ok
defp unregister_commands(commands) do
try do
:ejabberd_commands.unregister_commands(commands)
catch
_,_ -> :ok
end
end
end