list_commands/0,
get_command_format/1,
get_command_format/2,
+ get_command_policy/1,
get_command_definition/1,
get_tags_commands/0,
get_commands/0,
{Args, Result}
end.
+-spec get_command_policy(atom()) -> {ok, open|user|admin|restricted} | {error, command_not_found}.
+
+%% @doc return command policy.
+get_command_policy(Name) ->
+ case get_command_definition(Name) of
+ #ejabberd_commands{policy = Policy} ->
+ {ok, Policy};
+ command_not_found ->
+ {error, command_not_found}
+ end.
+
-spec get_command_definition(atom()) -> ejabberd_commands() | command_not_found.
%% @doc Get the definition record of a command.
stop(_Host) ->
ok.
-
%% ----------
%% basic auth
%% ----------
check_permissions(Request, Command) ->
case catch binary_to_existing_atom(Command, utf8) of
Call when is_atom(Call) ->
- check_permissions2(Request, Call);
+ {ok, CommandPolicy} = ejabberd_commands:get_command_policy(Call),
+ check_permissions2(Request, Call, CommandPolicy);
_ ->
unauthorized_response()
end.
-check_permissions2(#request{auth = HTTPAuth, headers = Headers}, Call)
+check_permissions2(#request{auth = HTTPAuth, headers = Headers}, Call, _)
when HTTPAuth /= undefined ->
Admin =
case lists:keysearch(<<"X-Admin">>, 1, Headers) of
{ok, A} -> {allowed, Call, A};
_ -> unauthorized_response()
end;
-check_permissions2(#request{ip={IP, _Port}}, Call) ->
+check_permissions2(_Request, Call, open) ->
+ {allowed, Call, noauth};
+check_permissions2(#request{ip={IP, _Port}}, Call, _Policy) ->
Access = gen_mod:get_module_opt(global, ?MODULE, admin_ip_access,
mod_opt_type(admin_ip_access),
none),
{allowed, Cmd, Auth} ->
{Code, Result} = handle(Cmd, Auth, Args),
json_response(Code, jiffy:encode(Result));
- ErrorResponse -> %% Should we reply 403 ?
+ %% Warning: check_permission direcly formats 401 reply if not authorized
+ ErrorResponse ->
ErrorResponse
end
catch _:Error ->
{allowed, Cmd, Auth} ->
{Code, Result} = handle(Cmd, Auth, Args),
json_response(Code, jiffy:encode(Result));
+ %% Warning: check_permission direcly formats 401 reply if not authorized
ErrorResponse ->
ErrorResponse
end
log(Call, Args, {Addr, Port}) ->
AddrS = jlib:ip_to_list({Addr, Port}),
- ?INFO_MSG("API call ~s ~p from ~s:~p", [Call, Args, AddrS, Port]).
+ ?INFO_MSG("API call ~s ~p from ~s:~p", [Call, Args, AddrS, Port]);
+log(Call, Args, IP) ->
+ ?INFO_MSG("API call ~s ~p (~p)", [Call, Args, IP]).
mod_opt_type(admin_ip_access) ->
fun(Access) when is_atom(Access) -> Access end;
assert Enum.member?(commands, {:test_user, [], "Test user"})
end
+ # TODO Test that we can add command to list of expose commands
+ # This can be done with:
+ # ejabberd_config:add_local_option(commands, [[{add_commands, [open_cmd]}]]).
+
# test "Check that a user can use a user command" do
# [Command] = ets:lookup(ejabberd_commands, test_user),
# AccessCommands = ejabberd_commands:get_access_commands(undefined),
--- /dev/null
+# ----------------------------------------------------------------------
+#
+# ejabberd, Copyright (C) 2002-2016 ProcessOne
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# ----------------------------------------------------------------------
+
+defmodule ModHttpApiTest do
+ @author "mremond@process-one.net"
+
+ use ExUnit.Case, async: true
+
+ require Record
+ Record.defrecord :request, Record.extract(:request, from_lib: "ejabberd/include/ejabberd_http.hrl")
+ Record.defrecord :ejabberd_commands, Record.extract(:ejabberd_commands, from_lib: "ejabberd/include/ejabberd_commands.hrl")
+
+ setup_all do
+ :ok = :mnesia.start
+ :ok = :ejabberd_config.start(["localhost"], [])
+
+ :ok = :ejabberd_commands.init
+
+ :ok = :ejabberd_commands.register_commands(cmds)
+ on_exit fn -> unregister_commands(cmds) end
+ end
+
+ test "We can call open commands without authentication" do
+ :ejabberd_config.add_local_option(:commands, [[{:add_commands, [:open_cmd]}]])
+ request = request(method: :POST, data: "[]")
+ {200, _, _} = :mod_http_api.process(["open_cmd"], request)
+ end
+
+ @tag pending: true
+ test "Call to user, admin, restricted commands without authentication are rejected" do
+ request = request(method: :POST, data: "[]")
+ {401, _, _} = :mod_http_api.process(["user_cmd"], request)
+ end
+
+ # Define a set of test commands that we expose through API
+ defp cmds do
+ # TODO Refactor
+ [ejabberd_commands(name: :open_cmd, tags: [:test],
+ policy: :open,
+ module: __MODULE__,
+ function: :open_cmd_fun,
+ args: [],
+ result: {:res, :rescode}),
+ ejabberd_commands(name: :user_cmd, tags: [:test],
+ policy: :user,
+ module: __MODULE__,
+ function: :user_cmd_fun,
+ args: [],
+ result: {:res, :rescode})
+ ]
+ end
+
+ def open_cmd_fun, do: :ok
+ def user_cmd_fun, do: :ok
+
+ defp unregister_commands(commands) do
+ try do
+ :ejabberd_commands.unregister_commands(commands)
+ catch
+ _,_ -> :ok
+ end
+ end
+
+end
projects / ejabberd / commitdiff