authorPaweł Chmielowski <pchmielowski@process-one.net>2019-10-09 10:31:02 +0200
committerPaweł Chmielowski <pchmielowski@process-one.net>2019-10-09 10:31:02 +0200
commit8d571adca845285aa4928ada25d31cdbc32ef0a0 (patch)
treeac25980e426d94257a9c60d6b1fa42d7e0498149 /src
parentTry removing label as bug (diff)
Verify http host in web admin only if authentication is missing host
This should allow access to the web admin through an IP address, or when it is served from a domain not defined in ejabberd hosts
Diffstat (limited to 'src')
-rw-r--r--src/ejabberd_web_admin.erl64
1 files changed, 32 insertions, 32 deletions
diff --git a/src/ejabberd_web_admin.erl b/src/ejabberd_web_admin.erl
index bc0fc8e7b..4ae97df02 100644
--- a/src/ejabberd_web_admin.erl
+++ b/src/ejabberd_web_admin.erl
@@ -189,36 +189,31 @@ process(RPath,
#request{auth = Auth, lang = Lang, host = HostHTTP,
method = Method} =
Request) ->
- case ejabberd_router:is_my_host(HostHTTP) of
- true ->
- case get_auth_admin(Auth, HostHTTP, RPath, Method) of
- {ok, {User, Server}} ->
- AJID = get_jid(Auth, HostHTTP, Method),
- process_admin(global,
- Request#request{path = RPath,
- us = {User, Server}},
- AJID);
- {unauthorized, <<"no-auth-provided">>} ->
- {401,
- [{<<"WWW-Authenticate">>,
- <<"basic realm=\"ejabberd\"">>}],
- ejabberd_web:make_xhtml([?XCT(<<"h1">>,
- ?T("Unauthorized"))])};
- {unauthorized, Error} ->
- {BadUser, _BadPass} = Auth,
- {IPT, _Port} = Request#request.ip,
- IPS = ejabberd_config:may_hide_data(misc:ip_to_list(IPT)),
- ?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
- [BadUser, IPS, Error]),
- {401,
- [{<<"WWW-Authenticate">>,
- <<"basic realm=\"auth error, retry login "
- "to ejabberd\"">>}],
- ejabberd_web:make_xhtml([?XCT(<<"h1">>,
- ?T("Unauthorized"))])}
- end;
- false ->
- ejabberd_web:error(not_found)
+ case get_auth_admin(Auth, HostHTTP, RPath, Method) of
+ {ok, {User, Server}} ->
+ AJID = get_jid(Auth, HostHTTP, Method),
+ process_admin(global,
+ Request#request{path = RPath,
+ us = {User, Server}},
+ AJID);
+ {unauthorized, <<"no-auth-provided">>} ->
+ {401,
+ [{<<"WWW-Authenticate">>,
+ <<"basic realm=\"ejabberd\"">>}],
+ ejabberd_web:make_xhtml([?XCT(<<"h1">>,
+ ?T("Unauthorized"))])};
+ {unauthorized, Error} ->
+ {BadUser, _BadPass} = Auth,
+ {IPT, _Port} = Request#request.ip,
+ IPS = ejabberd_config:may_hide_data(misc:ip_to_list(IPT)),
+ ?WARNING_MSG("Access of ~p from ~p failed with error: ~p",
+ [BadUser, IPS, Error]),
+ {401,
+ [{<<"WWW-Authenticate">>,
+ <<"basic realm=\"auth error, retry login "
+ "to ejabberd\"">>}],
+ ejabberd_web:make_xhtml([?XCT(<<"h1">>,
+ ?T("Unauthorized"))])}
end.
get_auth_admin(Auth, HostHTTP, RPath, Method) ->
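Review bot: With the `ejabberd_router:is_my_host(HostHTTP)` gate removed from `process/2`, a request whose Host header is not a served vhost is now answered with a 401 and a `WWW-Authenticate` challenge (lines 62-67 and 74-79) instead of the former `ejabberd_web:error(not_found)`, and when a bare username is supplied the `{unauthorized, Error}` clause also emits a `?WARNING_MSG` for every such attempt. That changes both the HTTP surface and the log volume for hosts that previously answered 404, so a comment where the old check stood would help, e.g. `%% The HTTP host is not validated here: get_auth_admin/4 rejects bare usernames on unknown vhosts (missing-server); full JIDs authenticate against their own server.` Whether `get_jid(Auth, HostHTTP, Method)` on line 57 is safe to call with an unverified `HostHTTP` in the full-JID case cannot be confirmed from this hunk, since its body is outside the diff. The head of `process/2` begins at the hunk header, outside the lines shown.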
@@ -227,8 +222,13 @@ get_auth_admin(Auth, HostHTTP, RPath, Method) ->
{HostOfRule, AccessRule} = get_acl_rule(RPath, Method),
try jid:decode(SJID) of
#jid{user = <<"">>, server = User} ->
- get_auth_account(HostOfRule, AccessRule, User, HostHTTP,
- Pass);
+ case ejabberd_router:is_my_host(HostHTTP) of
+ true ->
+ get_auth_account(HostOfRule, AccessRule, User, HostHTTP,
+ Pass);
+ _ ->
+ {unauthorized, <<"missing-server">>}
+ end;
#jid{user = User, server = Server} ->
get_auth_account(HostOfRule, AccessRule, User, Server,
Pass)
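Review bot: The `_ ->` clause on lines 92-93 is a catch-all over a call that returns a boolean, so any unexpected return from `ejabberd_router:is_my_host/1` would be silently folded into "unauthorized"; matching `false ->` keeps the intent explicit and lets Dialyzer see both cases. The vhost check is now applied only to the bare-username branch, while the `#jid{user = User, server = Server}` branch (lines 95-97) authenticates against the server named in the credential rather than `HostHTTP`; a one-line comment above the new `case`, such as `%% A bare username is only meaningful on a vhost we serve; a full JID carries its own server.`, would make that asymmetry read as deliberate. `get_auth_admin/4` starts before this hunk (its head is the hunk header context) and its `try ... of` continues past line 97.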