ejabberd api/register(check_account) error Account does not have the right to perform the operation - ejabberd-module

When I open the address http://127.0.0.1:5280/api/check_account in a browser,
I get this error:
{"status":"error","code":32,"message":"AccessRules: Account does not have the right to perform the operation."}
Config:
    port: 5280
    ip: "127.0.0.1"
    module: ejabberd_http
    request_handlers:
      "/websocket": ejabberd_http_ws
      "/api": mod_http_api
    register: true
    web_admin: true
    http_bind: true
    captcha: false
api_permissions:
  "API used from localhost allows all calls":
    - who:
      - ip: "127.0.0.1/8"
    - what:
      - "*"
      - "!stop"
      - "!start"

Make sure you are making a POST request using these two parameters: "user" and "host". Your navigator uses a GET request, and such a request can't be handled since no operation is implemented on the API.
POST /api/check_account
{
  "user": "peter",
  "host": "myserver.com"
}
Use tools like Postman or Fiddler to test HTTP requests on your server.
Read the docs here: https://docs.ejabberd.im/developer/ejabberd-api/admin-api/
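
The POST described in the answer above, as an added example that is not part of the original post or of ejabberd's own code. It uses only Python's standard library; the URL, user and host are the values from this page, and the function names are hypothetical.

```python
import json
import urllib.error
import urllib.request


def build_api_request(base_url, command, args):
    """Build the POST that mod_http_api expects: JSON arguments in the body."""
    url = base_url.rstrip("/") + "/api/" + command
    body = json.dumps(args).encode("utf-8")
    return urllib.request.Request(
        url,
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def parse_api_error(raw_body):
    """Return (code, message) for an error body like the one in the question."""
    try:
        doc = json.loads(raw_body)
    except ValueError:
        return None
    if isinstance(doc, dict) and doc.get("status") == "error":
        return doc.get("code"), doc.get("message")
    return None


def call_api(base_url, command, args, timeout=5):
    """Send the request and return the decoded JSON result."""
    request = build_api_request(base_url, command, args)
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return json.loads(response.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        # An error reply may carry a JSON body like the one in the question.
        error = parse_api_error(exc.read().decode("utf-8", "replace"))
        if error is None:
            raise
        raise RuntimeError("ejabberd API error %s: %s" % error) from exc


if __name__ == "__main__":
    # Values taken from the question and answer above; needs a running server.
    print(call_api("http://127.0.0.1:5280", "check_account",
                   {"user": "peter", "host": "myserver.com"}))
```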

Related

How to generate bearer token in REST api of ejabberd using POSTMAN

Hello guys, I am using ejabberd and I want to generate a bearer token to access all the methods and to get the data using the REST API of ejabberd. When I try to generate the bearer token with no auth in the header, it shows an error which is
I am using port 5180 for the ejabberd_http module. My configuration is:
    port: 5180
    ip: "::"
    module: ejabberd_http
    request_handlers:
      /admin: ejabberd_web_admin
      /api: mod_http_api
      /xmlrpc: ejabberd_xmlrpc
      /oauth": ejabberd_oauth
and the configuration of the API permissions is:
oauth_access:
  - allow:
    - user:
      - "admin@localhost" # add your user name
oauth_expire: 86400
acl:
  local:
    user_regexp: ""
  loopback:
    ip:
      - 127.0.0.0/8
      - ::1/128
      - ::FFFF:127.0.0.1/128
      - ::FFFF:43.250.158.125/16
  admin:
    user:
      - "admin@localhost"
    ip:
      - "::"
      - ::FFFF:43.250.158.125/16
api_permissions:
  "some XMLRPC commands":
    from: ejabberd_xmlrpc
    who:
      - ip: 127.0.0.1
      - user: admin@localhost
    what:
      - "*"
      # - registered_users
      # - register
      # - connected_users_number
      # - change_password
      # - check_password_hash
  "admin access":
    who:
      ip: 127.0.0.1/8
      oauth:
        scope: "ejabberd:admin"
        access:
          allow:
            acl: loopback
            acl: admin
    what:
      - "*"
  "console commands":
    from:
      - ejabberd_ctl
    who: all
    what: "*"
  "loopback access":
    who:
      - ip: "::"
    what:
      - "*"
  "public commands":
    who:
      ip: 127.0.0.1/8
    what:
      - "*"
access_rules:
  register:
    allow: all
  # configure:
  #   - allow: all
  local:
    # allow
    allow: all
  c2s:
    # deny: blocked
    allow: all
  announce:
    allow: all
  configure:
    allow: all
  muc_create:
    allow: all
  pubsub_createnode:
    allow: local
  trusted_network:
    allow: all
I want to send a message to a user using REST, but for this I need a bearer token. When I try to generate the bearer token, it shows an error. Please suggest some way to fix this issue and to generate the bearer token.
Thanks
Once this is configured:
oauth_expire: 3600
oauth_access:
  - allow:
    - user:
      - "admin@localhost" # add your user name
Try first with the command line:
❯ ejabberdctl oauth_issue_token admin@localhost 3600 "registered_users;muc_online_rooms"
yamdcY4TGqltWCprCnunZjrz7ZNSmL8d [<<"registered_users">>,<<"muc_online_rooms">>] 3600 seconds
Once that works, you can try to obtain the token using the web, which requires more configuration steps.

Ejabberd: Failed to start BOSH session when connecting from client

Today I upgraded a server from Ubuntu 16.04 to 18.04; this also included a jump from ejabberd 16.01 to 18.01. Now we have a problem connecting from the client (using strophe.js):
[info] <0.359.0>@ejabberd_listener:accept:302 (<0.876.0>) Accepted connection 127.0.0.1:60552 -> 127.0.0.1:8088
[error] <0.876.0>@ejabberd_bosh:start:133 Failed to start BOSH session: {error,{noproc,{gen_server,call,[ejabberd_c2s_sup,{start_child,[{xmpp_socket,{socket_state,ejabberd_bosh,{http_bind,<0.877.0>,{{9x,1xx,2xx,1xx},60552}},infinity,undefined,none,<0.877.0>}},[{receiver,<0.877.0>},{xml_socket,true}]]},infinity]}}}
[error] <0.877.0>@gen_server:call CRASH REPORT Process <0.877.0> with 0 neighbours exited with reason: no such process or port in call to gen_server:call(ejabberd_c2s_sup, {start_child,[{xmpp_socket,{socket_state,ejabberd_bosh,{http_bind,<0.877.0>,{{9x,1xx,2xx,1xx},60552}},...}},...]}, infinity) in p1_fsm:init_it/6 line 392
[error] <0.617.0>@gen_server:call Supervisor 'mod_bosh_chat3.myserver.com' had child undefined started with {ejabberd_bosh,start_link,undefined} at <0.877.0> exit with reason no such process or port in call to gen_server:call(ejabberd_c2s_sup, {start_child,[{xmpp_socket,{socket_state,ejabberd_bosh,{http_bind,<0.877.0>,{{9x,1xx,2xx,1xx},60552}},...}},...]}, infinity) in context child_terminated
I am aware that mod_http_bind is replaced by mod_bosh. Clients connect through apache proxy from port 80 to 8088. Requesting :80/http-bind/ will therefore be passed to :8088/bosh/
I also wiped the mnesia database completely, after the upgrade to make sure it was not corrupt or deprecated.
According to this question, I also checked that curl is enabled.
At loglevel debug, the mod_bosh module seems to be started:
[debug] <0.329.0>@gen_mod:start_module:193 loading mod_bosh at jabber.myserver.com
[debug] <0.329.0>@gen_mod:start_module:193 loading mod_push at jabber.myserver.com
[debug] <0.600.0> Supervisor ejabberd_gen_mod_sup started ejabberd_tmp_sup:start_link('mod_bosh_jabber.myserver.com', ejabberd_bosh) at pid <0.651.0>
This is my complete config:
loglevel: 5
log_rotate_size: 0
log_rotate_date: ""
log_rate_limit: 100
hosts:
  - "localhost"
  - "jabber.myserver.com"
  - "chat3.myserver.com"
  - "test-chat3.myserver.com"
define_macro:
  'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
  'TLS_OPTIONS':
    - "no_sslv3"
    - "no_tlsv1"
    - "cipher_server_preference"
    - "no_compression"
c2s_ciphers: 'TLS_CIPHERS'
s2s_ciphers: 'TLS_CIPHERS'
c2s_protocol_options: 'TLS_OPTIONS'
s2s_protocol_options: 'TLS_OPTIONS'
listen:
  -
    port: 8088
    ip: "127.0.0.1"
    module: ejabberd_http
    request_handlers:
      "/bosh": mod_bosh
    web_admin: true
    tls: false
disable_sasl_mechanisms: "digest-md5"
s2s_use_starttls: false
auth_password_format: plain
auth_method: sql
sql_type: mysql
sql_server: "10.0.0.51"
sql_database: "databasename"
sql_username: "username"
sql_password: "secret-as-hell"
shaper:
  normal: 1000
  fast: 50000
max_fsm_queue: 10000
acl:
  admin:
    user:
      - "": "localhost"
      - "admin": "test-chat3.myserver.com"
      - "admin": "chat3.myserver.com"
  local:
    user_regexp: ""
  loopback:
    ip:
      - "127.0.0.0/8"
shaper_rules:
  max_user_sessions: 10
  max_user_offline_messages:
    - 5000: admin
    - 100
  c2s_shaper:
    - none: admin
    - normal
  s2s_shaper: fast
access_rules:
  local:
    - allow: local
  c2s:
    - deny: blocked
    - allow
  announce:
    - allow: admin
  configure:
    - allow: admin
  muc_create:
    - allow: local
  pubsub_createnode:
    - allow: local
  register:
    - allow
  trusted_network:
    - allow: loopback
api_permissions:
  "console commands":
    from:
      - ejabberd_ctl
    who: all
    what: "*"
  "admin access":
    who:
      - access:
        - allow:
          - acl: loopback
          - acl: admin
      - oauth:
        - scope: "ejabberd:admin"
        - access:
          - allow:
            - acl: loopback
            - acl: admin
    what:
      - "*"
      - "!stop"
      - "!start"
  "public commands":
    who:
      - ip: "127.0.0.1/8"
    what:
      - "status"
      - "connected_users_number"
language: "en"
acme:
  contact: "mailto:example-admin@example.com"
  ca_url: "https://acme-v01.api.letsencrypt.org"
modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce: # recommends mod_adhoc
    access: announce
  mod_blocking: {} # requires mod_privacy
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {} # requires mod_adhoc
  mod_disco: {}
  mod_echo: {}
  mod_irc: {}
  mod_bosh: {}
  mod_last: {}
  mod_muc:
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
  mod_muc_admin: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_privacy: {}
  mod_private: {}
  mod_pubsub:
    access_createnode: pubsub_createnode
    ignore_pep_from_offline: true
    last_item_cache: false
    plugins:
      - "flat"
      - "hometree"
      - "pep" # pep requires mod_caps
  mod_push: {}
  mod_push_keepalive: {}
  mod_roster:
    versioning: true
  mod_shared_roster: {}
  mod_stats: {}
  mod_time: {}
  mod_vcard:
    search: false
  mod_vcard_xupdate: {}
  mod_version: {}
  mod_stream_mgmt:
    resend_on_timeout: if_offline
  mod_s2s_dialback: {}
  mod_http_api: {}
allow_contrib_modules: true
Any hints are greatly appreciated :-)
The problem in your configuration seems to be that you removed the ejabberd_c2s listener. It is needed, and you can see it mentioned in the error message. So, the problem is solved by adding it, at least in my case, for example:
listen:
  -
    port: 5222
    module: ejabberd_c2s
  -
    port: 8088
    ip: "127.0.0.1"
    module: ejabberd_http
    request_handlers:
      "/bosh": mod_bosh
    web_admin: true
    tls: false
Such a requirement is not mentioned in the ejabberd documentation, so I've added it now.
UPDATE: Forget everything below. Please see the answer from Badlop
Did a complete reinstall of ejabberd:
apt-get --purge autoremove ejabberd
(make sure /etc/ejabberd is empty)
apt-get update
apt-get upgrade
apt-get install ejabberd
Here the relevant parts of ejabberd.yml. I didn't change anything else:
hosts:
  - "localhost"
  - "chat3.myserver.com" <- the public domain
listen:
  -
    port: 5222
    ...
  -
    port: 5269
    ...
  -
    ##port: 5280
    port: 8088 <- use any port you like
    ip: "127.0.0.1" <- listen only on localhost
    module: ejabberd_http
    request_handlers:
      "/ws": ejabberd_http_ws
      "/bosh": mod_bosh
      "/api": mod_http_api
      ## "/pub/archive": mod_http_fileserver
    web_admin: true
    ## register: true
    ## captcha: true
    tls: false <- no need for tls on localhost
    protocol_options: 'TLS_OPTIONS'
auth_method: sql
sql_type: mysql
sql_server: "server"
sql_database: "ejabberd_live"
sql_username: "ejabberd"
sql_password: "secret"
acl:
  admin:
    user:
      - "": "localhost"
      - "admin": "chat3.myserver.com"
And just in case you are wondering about my proxy configuration in Apache, these are the relevant lines of my chat3.myserver.com virtual host:
ProxyPass /http-bind/ http://127.0.0.1:8088/bosh
ProxyPassReverse /http-bind/ http://127.0.0.1:8088/bosh
ProxyPass /admin/ http://127.0.0.1:8088/admin/
ProxyPassReverse /admin/ http://127.0.0.1:8088/admin/
You will of course also need to get the MySQL database schema from here ... and so on...
I have no idea what caused the connection error. I guess the upgrade of ejabberd was somehow faulty. At least I am pretty sure that this was not a known bug. I crawled the internet for 4 hours without finding anything like it with this version of ejabberd (18.01). And also the error message - even under loglevel 5 - was extremely vague. If this had been a configuration error, I am sure the error messages would have been a lot more specific.

Message addressed to one component delivers to other

The following is my ejabberd YAML configuration:
  -
    port: 8888
    ip: "::"
    module: ejabberd_service
    access: all
    shaper_rule: fast
    ip: "127.0.0.1"
    privilege_access:
      roster: "both"
      message: "outgoing"
      presence: "roster"
    delegations:
      "urn:xmpp:mam:1":
        filtering: ["node"]
      "http://jabber.org/protocol/pubsub":
        filtering: []
    hosts:
      "mycomponent.p-pc":
        password: "secret"
      "sender.p-pc":
        password: "secret"
Messages addressed to mycomponent.p-pc are delivered to sender.p-pc.
The hosts variable is a list of aliases of a single component, not a different component name.

ejabberd: can't seem to enable Stream Management

Heyo,
I'm having a bit of a headache trying to get Stream Management (XEP-0198) working in ejabberd 17.04 in Ubuntu 16.10, though I've had this problem since ejabberd 17.03, and in spite of searching just about everywhere, I can't seem to find a straight answer beyond either explicitly adding stream_management: true to my config or leaving it out and letting that setting default to true. None of which seem to be offering any success, however.
My only indication that Stream Management isn't working at the moment is via the Android app Conversations, which lists the extension as Unavailable, though the app picks up the extension from another server just fine. I can't seem to see any errors in ejabberd's logs either, barring the one time I caused a syntax error that's since been corrected.
This is my current config (yes, I know, it's adapted from a sample and I need to clean some junk out):
##
### ejabberd configuration file
### Archipel Sample default configuration
define_macro:
  'CERT_LOCATION': "/certs/live/social.diskseven.com/ejabberd.pem"
  'DH_PARAMS': "/certs/live/social.diskseven.com/dhparams.pem"
### =========
### DEBUGGING
# Increase this if you want some insane erlang debug
loglevel: 3
### ================
### SERVED HOSTNAMES
# Change it for your FQDN
hosts:
  - "xmpp.diskseven.com"
### ===============
### LISTENING PORTS
listen:
  -
    # it's a good idea to put xmlrpc behind a reverse proxy
    # because you can't use tls directly, make it listen to localhost
    ip: "::1"
    # and read the Security section on the wiki
    port: 4560
    module: ejabberd_xmlrpc
    access_commands:
      xmlrpcaccess:
        all : []
  ## ejabberd c2s
  -
    ip: "::"
    port: 5222
    stream_management: true
    module: ejabberd_c2s
    resend_on_timeout: if_offline
    ##
    ## If you installed a SSL
    ## certificate, specify the full path to the
    ## file and uncomment this line:
    ##
    certfile: 'CERT_LOCATION'
    starttls: true
    starttls_required: true
    ciphers: "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
    protocol_options:
      - "no_sslv2"
      - "no_sslv3"
      - "no_tlsv1"
      - "no_tlsv1_1"
    max_stanza_size: 65536000
    shaper: c2s_shaper
    access: c2s
  ## ejabberd s2s
  -
    ip: "::"
    port: 5269
    module: ejabberd_s2s_in
    max_stanza_size: 65536000
  ## ejabberd http/s and websocket/s
  -
    ip: "::"
    port: 5280
    module: ejabberd_http
    request_handlers:
      "/xmpp": ejabberd_http_ws
    # if you want to use starttls with websock
    # the URI will be wss://
    # please be sure that the certificate belongs
    # to a trusted AC in your browser
    certfile: 'CERT_LOCATION'
    dhfile: 'DH_PARAMS'
    # tls: true
    web_admin: true
    http_bind: true
### ===
### S2S
s2s_access: all
s2s_use_starttls: required
s2s_certfile: 'CERT_LOCATION' # concatenated cert.
s2s_dhfile: 'DH_PARAMS'
s2s_ciphers: "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
s2s_protocol_options:
  - "no_sslv2"
  - "no_sslv3"
  - "no_tlsv1"
  - "no_tlsv1_1"
## domain_certfile: Specify a different certificate for each served hostname.
##
##host_config:
##  "xmpp.diskseven.com":
##    domain_certfile: 'CERT_LOCATION'
##  "conference.xmpp.diskseven.com":
##    domain_certfile: 'CERT_LOCATION'
### ==============
### AUTHENTICATION
auth_method: internal
### ===============
### TRAFFIC SHAPERS
shaper:
  # in B/s
  normal: 1000
  fast: 50000000
### ====================
### ACCESS CONTROL LISTS
acl:
  admin:
    user:
      - "admin": "xmpp.diskseven.com"
  local:
    user_regexp: ""
### ============
### ACCESS RULES
access:
  max_user_sessions:
    all: 5
  local:
    local: allow
  c2s:
    blocked: deny
    all: allow
  c2s_shaper:
    admin: none
    all: fast
  s2s_shaper:
    all: fast
  s2s_access:
    all: allow
  announce:
    admin: allow
  configure:
    admin: allow
  muc_admin:
    admin: allow
  muc_create:
    local: allow
  muc:
    all: allow
  pubsub_createnode:
    all: allow
  register:
    all: deny
  xmlrpcaccess:
    admin : allow
### Frequency of account registration
registration_timeout: 600
### ================
### DEFAULT LANGUAGE
language: "en"
### =======
### MODULES
modules:
  mod_adhoc: []
  mod_announce:
    access: announce
  mod_blocking: []
  mod_caps: []
  mod_client_state: []
  mod_carboncopy: []
  mod_configure: []
  mod_disco: []
  mod_http_bind:
    max_inactivity: 400 # timeout value for BOSH, useful for a large number of VM
  mod_http_upload: []
  mod_irc: []
  mod_last: []
  mod_mam: []
  mod_muc:
    host: "conference.@HOST@"
    access: all
    access_create: muc_create
    access_persistent: muc_create
    access_admin: muc_admin
  mod_offline: []
  mod_privacy: []
  mod_private: []
  mod_pubsub:
    access_createnode: pubsub_createnode
    ignore_pep_from_offline: true
    last_item_cache: false
    max_items_node: 1000
    plugins:
      - "flat"
      - "hometree"
      - "pep"
    pep_mapping:
      "urn:xmpp:microblog:0": "mb"
  mod_ping:
    send_pings: true
    ping_interval: 60
    ping_ack_timeout: 30
    timeout_action: kill
  mod_register:
    access: register
  mod_roster:
    versioning: true
  mod_shared_roster: []
  mod_time: []
  mod_vcard: []
  mod_version: []
  mod_admin_extra: []
  # mod_fail2ban:
  #   c2s_auth_ban_lifetime: 1300
  #   c2s_max_auth_failures: 5
In ejabberd 17.03+ stream management is implemented as a separate module: mod_stream_mgmt. You should have read release notes ;)

ejabberd doesn't store roster persistently

I'm running ejabberd in Kubernetes using the following image: https://hub.docker.com/r/jprjr/ejabberd/
I've tried to test persistency by removing an account from Pidgin and adding it again. Pidgin does not load the previously added roster.
I tried Mnesia and Postgres. The Postgres database seems to be untouched by ejabberd, but I don't get any errors in the logs either.
Any ideas, what could cause this behavior?
My configuration:
hosts: ["example.com"]
loglevel: 4
hide_sensitive_log_data: true
listen:
  - port: 5222
    module: ejabberd_c2s
    access: c2s
    shaper: c2s_shaper
    zlib: true
    starttls_required: true
    starttls: true
    certfile: "/etc/ejabberd/ejabberd.pem"
  - port: 5269
    module: ejabberd_s2s_in
    shaper: s2s_shaper
    max_stanza_size: 65536
    s2s_use_starttls: true
    s2s_certfile: "/etc/ejabberd/ejabberd.pem"
    transport: tcp
auth_method: [ldap]
ldap_servers: ["ldap.example.com"]
ldap_port: 389
ldap_rootdn: "CN=ejabberd,OU=ServiceAccounts,DC=example,DC=com"
ldap_password: "*********"
ldap_base: "OU=User,DC=example,DC=com"
ldap_uids:
  - "sAMAccountName": "%u"
ldap_filter: "(&(objectClass=user)(memberof=CN=ejabberdUsers,CN=Users,DC=example,DC=com))"
# tried with and w/o
# default_db: odbc
# sm_db_type: odbc
# odbc_type: pgsql
# odbc_server: "db.example.com"
# odbc_password: "********"
# odbc_port: 10051
shaper:
  normal: 1000
  fast: 50000
acl:
  admin:
    user:
      "admin1": "example.com"
      "admin2": "example.com"
access:
  local:
    local: allow
  c2s:
    blocked: deny
    all: allow
ejabberd stores the roster persistently.
You need to enable mod_roster in the ejabberd configuration file and set the database you want, for example:
mod_roster:
  db_type: odbc
It seems you are missing configuration. For more details of the configuration, check these links:
https://github.com/processone/ejabberd/blob/master/test/ejabberd_SUITE_data/ejabberd.yml
https://www.process-one.net/docs/ejabberd/guide_en.html