ejabberd - Custom roster module based on external REST API - ejabberd

I was going through https://docs.ejabberd.im/developer/extending-ejabberd/architecture/, which talks about roster management via REST API. Trying to find which module to use and what kind of API contract that REST API should implement. Can you please point me to some blog/tutorial which talks about how to achieve this?
Thanks & Regards
Rama

and what kind of API contract that REST API should implement. Can you please point me to some blog/tutorial which talks about how to achieve this?
There are several commands related to roster:
$ ejabberdctl help --tags roster
Available commands with tag roster:
add_rosteritem localuser localhost user host nick group subs
Add an item to a user's roster (supports ODBC)
delete_rosteritem localuser localhost user host
Delete an item from a user's roster (supports ODBC)
get_roster user host
Get roster of a local user
process_rosteritems action subs asks users contacts
List/delete rosteritems that match filter
push_alltoall host group
Add all the users to all the users of Host in Group
push_roster file user host
Push template roster from file to a user
push_roster_all file
Push template roster from file to all those users
You can find more details about those commands in:
https://docs.ejabberd.im/developer/ejabberd-api/admin-api/
Trying to find which module to use
All those commands are implemented in mod_admin_extra. So, you can simply enable this module in ejabberd.yml and the commands will be available for execution.

Related

Can eJabberd call an API if a roster contact does not exist?

Ejabberd newbie here. I hope this question makes sense.
We had a need to setup our own XMPP server so that customers on web and a Bria client can utilize it. I was able to get the basics up and running using ejabberd.
All users will be in the 'xmpp.exampledomain.com'
We also have a custom SMS gateway we built (which is really a server which can accept json APIs).
So what I am trying to accomplish:
Our platform would create a 'normal' xmpp user so the user can login to ejabberd.
This user can add roster contacts of other 'normal' xmpp users.
If this user wants to send messages via SMS, we would instruct them to add roster contacts (i assume) with the format 12125551234#sms.exampledomain.com. (adding the contact works currently)
If a user sends a message to this "SMS" contact, have ejabberd call our custom SMS gateway via a json API instead of attempting to deliver via normal xmpp.
Is this even possible?
For inbound from the SMS Gateway server, can call the ejabberd API send message function, so inbound is fairly easy.
I appreciate any suggestions
thanks
What you want was called a "transport" in the old days of IRC, ICQ, AIM and MSN. They were programs that you installed next to ejabberd (or other Jabber servers). Example usage:
you download a transport for ICQ
configure it to have access to ICQ,
and then configure ejabberd to connect to that transport, and allow users to contact it at address icq.example.com.
There are very old tutorials for your curiosity:
https://www.ejabberd.im/tutorials-transports/index.html
I don't know if the old "SMS-Jabber transports" will work nowadays. Searching revelaed few results:
https://www.jethrocarr.com/2013/06/03/smstoxmpp/
https://sourceforge.net/projects/jabbersms/
https://www.jabber.cz/wiki/SMS_transport
Alternatively, as you mentioned you already have a SMS program, if you can get your hands on Erlang or Elixir, you can write an ejabberd module that registers at sms.example.com, and forwards XMPP messages as json API...

Google Drive SA accounts can't access objects on a shared disks created by other users

I would like to have an access to objects on a shared disks created by other users using SA accounts.
I discovered that by making a call to https://www.googleapis.com/drive/v3/files with the following query:
q=mimeType!='application/vnd.google-apps.folder' and 'GOOGLE_DRIVE_FOLDER_ID' in parents and trashed=false&supportsTeamDrives=true&teamDriveId=GOOGLE_TEAM_DRIVE_ID&fields=files(id ,name ,webViewLink ,webContentLink)
I get different results depending on the account. If I am using access token generated for service account we get different result than if I am using access token generated for a user account.
Service account "sees" only files that were create by that particular service account whereas regular users "see" all the files created by other users as well.
Anyone had similar issue and know any solution or workaround?
I get different results depending on the account. If I am using access token generated for service account we get different result than if I am using access token generated for a user account.
What you need to understand is that you can only see the files that you have permission to see. If you are logged in on a normal user account you will only be able to see the files that you own, or have access to. The same goes for a service account, think of a service account as a dummy user. The service account can only see the files it has been granted access to.
Assuming that your shared disks that you are talking about is gsuite then you can have the gsuite admin set up domain wide delegation on the service account and grant it access to the files on the domain.
permissions
If you dont have gsuite or dont want to give the service account full access to the domain you. You might also want to try having the owner of the drive run a permissions.create and add the service account.

Creating the users in the google domain (python)

I am creating an application in which I am getting a Client_secret.json file, and in my application I'm trying to load that json file and get the credentials from it using the following code:
credentials=get_credentials(filename)
http = credentials.authorize(httplib2.Http())
service = discovery.build('admin', 'directory_v1', http=http)
userinfo = {'primaryEmail': primaryEmail,
'name': { 'givenName':user },
'password': password
}
service.users().insert(body = userinfo).execute()
It gives the following error:
httpError 403 when requesting https
//www.googleapis.com/admin/directory/v1/users?alt=json returned
insufficient permission
I'm not sure what I'm doing wrong or am I missing something? I was wondering if the problem is in the json file which I'm creating?
Any help would be appreciated.
Thanks,
Aman
Well, you can start by checking a few things:
If you're using a service account, be sure to enable the "wide domain delegation option" to allow a service account to access user data on behalf of your users and perform operations.
Check if the scope https //www.googleapis.com/admin/directory/v1/users is authorized for your client ID on your google admin console > Security > Advanced settings > Authentication > Manage API client access.
Check if the user that you're using to insert the new user have enough privileges a.k.a super admin privileges.
Check if the Admin SDK API is active on your project.
Keep in mind that just downloading the client_json and activating a API isn't enough to allow these types of operations. For certain APIs like Admin SDK, the user you're gonna use to consume those services need to have specific privileges.
Here's a few helpful links
https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
https://support.google.com/a/answer/162106?hl=en
I would first check to make sure that you have the correct Admin privileges on the account that you are trying to use OAuth credentials on. I would try logging into the account and going to this reference page in the Directory API for Users:insert
https://developers.google.com/admin-sdk/directory/v1/reference/users/insert
On the right hand side you should go to the Try this API section and see if that account has permissions to create new users.
Also another thing I noticed as well, is that you're not setting the required field familyName inside of the name field. familyName is a required property.

Document List API to Drive SDK and Client Login

We used to have an application connector implementing the Document List Service v3 to upload documents to users account. Now that the service will be discontinued starting as of next Monday and we need to migrate to the Drive API/SDK we have the problem to migrate our current login schema .. we are unable to use the OAuth 2 protocol and we need to authenticate users with their username/password credentials.
DocumentsService myService = new DocumentsService("xxx");
myService.setUserCredentials(username, password);
The reason is that our application scans and processes documents asynchronously from MFD devices (printers) and all processing/storage job is done in a different moment on processing servers, thus the limitation that the processing service cannot ask any consens to the user.
We do the same for other online cloud storage application (e.g. Dropbox) where they allow special 'OAuth 1' schema on request for such 'enterprise' situations.
How can we do this with the new Drive API/SDK? I couldn't find anything about that in the documentation rather than the service account, also looks like not suitable.
What you need to do is request authentication from you user once. The server gives you back a refresh token. Your automated application can then use this refresh token to get a new access token. You only need to ask the user one time for authentication. Then everything can run automated.
A service account wont really work in this instance because its meant for use with an account that you the developer own not a users account

WHMCS API-- provisioning mySQL

I'm trying to use the WHMCS API / provisioning module to auto-create a mysql database for a new WHM / cPanel client after their order for hosting goes through.
It seems like it should be simple enough to do, but I can't find anything about it in the docs. The WHMCS module is connected to the WHMCS mysql instance, but I would want to be connecting the "main" local mysql instance where the client's data is held.
Would I simply connect to localhost in the provisioning module, and create a new database and user? Or is there a more robust way to handle this without going outside the WHMCS / WHM system.
Please provide examples if possible!
Thanks for any help
I would use whmcs's hooks. A hook is function that is fired as a result of an internal action.
You should look for the invoice items after the invoice is paid but before the email in case you want to send database information if not then after paid should be fine
This would go in billing dir / includes / hooks
and it would look like
function init_InvoicePaidPreEmail($vars) {
// create your db code here be sure to look for the specific invoice item "order for hosting"
}
add_hook("InvoicePaidPreEmail",1,"init_InvoicePaidPreEmail","");