author | Paweł Chmielowski <pchmielowski@process-one.net> | 2019-10-09 10:31:02 +0200 |
---|---|---|
committer | Paweł Chmielowski <pchmielowski@process-one.net> | 2019-10-15 09:35:06 +0200 |
commit | 19637ce17d40ffd70bd7af7c9cd168d3915f0904 (patch) | |
tree | 98ce781c1e861987a3c115a24d26050e4920fd60 | |
parent | Update Guide links in WebAdmin to website, as local file isn't included (diff) |
Verify http host in web admin only if authentication is missing host
This should allow access to web admin through an IP address, or when it is served
from a domain not defined in ejabberd hosts
-rw-r--r-- | src/ejabberd_web_admin.erl | 64 |
1 files changed, 32 insertions, 32 deletions
diff --git a/src/ejabberd_web_admin.erl b/src/ejabberd_web_admin.erl
index fc9ecc865..9dc96eedd 100644
--- a/src/ejabberd_web_admin.erl
+++ b/src/ejabberd_web_admin.erl
@@ -189,36 +189,31 @@ process(RPath, #request{auth = Auth, lang = Lang, host = HostHTTP, method = Method} = Request) ->
- case ejabberd_router:is_my_host(HostHTTP) of
- true ->
- case get_auth_admin(Auth, HostHTTP, RPath, Method) of
- {ok, {User, Server}} ->
- AJID = get_jid(Auth, HostHTTP, Method),
- process_admin(global,
- Request#request{path = RPath,
- us = {User, Server}},
- AJID);
- {unauthorized, <<"no-auth-provided">>} ->
- {401,
- [{<<"WWW-Authenticate">>,
- <<"basic realm=\"ejabberd\"">>}],
- ejabberd_web:make_xhtml([?XCT(<<"h1">>,
- ?T("Unauthorized"))])};
- {unauthorized, Error} ->
- {BadUser, _BadPass} = Auth,
- {IPT, _Port} = Request#request.ip,
- IPS = ejabberd_config:may_hide_data(misc:ip_to_list(IPT)),
- ?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
- [BadUser, IPS, Error]),
- {401,
- [{<<"WWW-Authenticate">>,
- <<"basic realm=\"auth error, retry login "
- "to ejabberd\"">>}],
- ejabberd_web:make_xhtml([?XCT(<<"h1">>,
- ?T("Unauthorized"))])}
- end;
- false ->
- ejabberd_web:error(not_found)
+ case get_auth_admin(Auth, HostHTTP, RPath, Method) of
+ {ok, {User, Server}} ->
+ AJID = get_jid(Auth, HostHTTP, Method),
+ process_admin(global,
+ Request#request{path = RPath,
+ us = {User, Server}},
+ AJID);
+ {unauthorized, <<"no-auth-provided">>} ->
+ {401,
+ [{<<"WWW-Authenticate">>,
+ <<"basic realm=\"ejabberd\"">>}],
+ ejabberd_web:make_xhtml([?XCT(<<"h1">>,
+ ?T("Unauthorized"))])};
+ {unauthorized, Error} ->
+ {BadUser, _BadPass} = Auth,
+ {IPT, _Port} = Request#request.ip,
+ IPS = ejabberd_config:may_hide_data(misc:ip_to_list(IPT)),
+ ?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
+ [BadUser, IPS, Error]),
+ {401,
+ [{<<"WWW-Authenticate">>,
+ <<"basic realm=\"auth error, retry login "
+ "to ejabberd\"">>}],
+ ejabberd_web:make_xhtml([?XCT(<<"h1">>,
+ ?T("Unauthorized"))])}
 end.
 get_auth_admin(Auth, HostHTTP, RPath, Method) ->
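Review bot: With the outer `ejabberd_router:is_my_host(HostHTTP)` gate gone, the `{ok, {User, Server}}` branch still passes the raw `HostHTTP` to `get_jid(Auth, HostHTTP, Method)`, and that value can now be an IP address or a domain ejabberd does not serve. `get_jid` is defined outside this hunk, so I cannot tell whether it tolerates a non-local host; that should be confirmed before the returned AJID is relied on for access decisions. Requests carrying any Host header now also reach the 401 and `?WARNING_MSG` paths instead of `not_found`, so I would record the new contract above the `case`: `%% HostHTTP is not validated here; get_auth_admin/4 checks it only when the login has no server part.`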
@@ -227,8 +222,13 @@ get_auth_admin(Auth, HostHTTP, RPath, Method) ->
 {HostOfRule, AccessRule} = get_acl_rule(RPath, Method),
 try jid:decode(SJID) of
 #jid{user = <<"">>, server = User} ->
- get_auth_account(HostOfRule, AccessRule, User, HostHTTP,
- Pass);
+ case ejabberd_router:is_my_host(HostHTTP) of
+ true ->
+ get_auth_account(HostOfRule, AccessRule, User, HostHTTP,
+ Pass);
+ _ ->
+ {unauthorized, <<"missing-server">>}
+ end;
 #jid{user = User, server = Server} ->
 get_auth_account(HostOfRule, AccessRule, User, Server, Pass) |
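Review bot: The `#jid{user = User, server = Server}` clause hands the `Server` taken from the supplied login to `get_auth_account` without the `is_my_host` test that the bare-username clause now has. `get_auth_account` is outside the hunk, so whether it rejects a server that is not a local host cannot be confirmed from here; if it does not, the same check belongs on `Server`. Separately, the `_ ->` clause in the new `case` would be tighter as `false ->`, assuming `is_my_host` returns a boolean, so that an unexpected return value crashes instead of being reported as `missing-server`. The `try` continues past the end of the hunk.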