I am working on sending message to muc room via API http. I observed that it s possible by get_room_occupants users who has joined muc room.
Now, from ejabberd muc room I have found that team members are there but are not occupants of the team, thats why is shows this error Only occupants are allowed to send messages to the conference though being group members.
Is there any api which can connect me to muc and show me in occupants?
Ejabberd Version : 17.11
Installed on : ubuntu 16.04
Configuered DB : mysql
Ejaberd.yml
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who: all
what:
- "*"
- "!stop"
- "!start"
"public commands":
who: all
what:
- "*"
commands_admin_access:
- allow:
- user: "xxx#yy.zz"
commands:
add_commands:
- status
- registered_users
- register
- unregister
- get_roster
- connected_users
- send_stanza_c2s
- send_stanza
- join_cluster
oauth_expire: 3600
oauth_access: all
An account with admin rights in the MUC service can send messages to any room, no need to be room occupant.
For example, with this configuration:
acl:
admin:
user:
- "user1#localhost"
modules:
mod_muc:
access_admin:
- allow: admin
I can execute this query, providing an account that exist and a room that exists, but that account is not occupant in that room:
$ ejabberdctl send_message groupchat user1#localhost room1#conference.localhost Sub Bodyyy
The occupants in that room receive the message:
<message to='user2#localhost/tka1'
from='room1#conference.localhost'
type='groupchat'
id='1234779465623896577'>
<body xml:lang='en'>Bodyyy</body>
<subject xml:lang='en'>Sub</subject>
</message>
Alternatively, you can subscribe an account to a MUC room, and then that account is allowed to send messages to the room without being occupant. For example:
$ ejabberdctl subscribe_room user2#localhost/tka1 User2 room1#conference.localhost urn:xmpp:mucsub:nodes:messages
urn:xmpp:mucsub:nodes:messages
$ ejabberdctl send_message groupchat user2#localhost room1#conference.localhost Sub Bodyyy
Related
I want to restrict the read & write access of secrets only to the users with ADMIN roles in openshift. If a user is a normal user, he can access everything except the secrets(he can't reveal the secrets and edit also). Is there any way to do that?
Thank You!
You could try to create your own roles to apply to everyone who is not an admin or just edit the non-admin roles removing access to secrets.
Here the guide to make your own role.
For example your role can already be like:
rules:
- apiGroups:
- ""
attributeRestrictions: null
resources:
- configmaps
- endpoints
- persistentvolumeclaims
- pods
- secrets
- serviceaccounts
- services
verbs:
- create
- delete
- deletecollection
- get
- list
- update
- watch
and you could remove the secrets line under resources:
rules:
- apiGroups:
- ""
attributeRestrictions: null
resources:
- configmaps
- endpoints
- persistentvolumeclaims
- pods
- serviceaccounts
- services
verbs:
- create
- delete
- deletecollection
- get
- list
- update
- watch
For example:
$ oc create user test
user.user.openshift.io/test created
$ oc create role test-role --verb=get --verb=list --resource=namespaces,pods,routes,services
role.rbac.authorization.k8s.io/test-role created
$ oc login -u test -p #####
Login successful.
You have one project on this server: "######"
Using project "####".
$ oc get pods
No resources found.
$ oc get secrets
No resources found.
Error from server (Forbidden): secrets is forbidden: User "test" cannot list secrets in the namespace "####": no RBAC policy matched
Mac OSX 10.13.6
ejabberd 19.05
I used an installer to install ejabberd, and when prompted I entered the following information:
ejabberd server domain: localhost
administrator username: 7stud
administrator password: blahblah
I'm following the tutorial: How to Build One to One Chat App Using Ejabberd & Erlang from Scratch?.
If I start ejabberd by clicking on the start executable in the ejabberd-19.05/bin directory, ejabberd starts up, and a web page opens up in my browser. I can then login to the admin web interface.
But, the tutorial directs me to add the following to ejabberd.yml:
auth_method: sql
sql_type: mysql
sql_server: "localhost"
sql_database: "chat"
sql_username: "root"
sql_password: ""
(For my mysql setup the root user has no password--I just hit return when prompted for the password)
After doing that, if I stop ejabberd, then start ejabberd again, I can no longer login to the admin page.
I have two questions:
Why does adding the db configuration to ejabberd.yml prevent me from logging into the admin web interface?
Why is the mysql db configuration even necessary? According to the ejabberd docs: ejabberd default backend is Mnesia internal database. I'm perfectly happy to use mnesia (and not have to touch ejabberd.yml).
I completed the rest of the tutorial both with the mysql db config stuff in ejabberd.yml and without, but neither User1 nor User2 received a message sent by the other user, so for some reason my ejabberd setup is not working. I also tried configuring another mysql db by following the ejabberd database docs:
auth_method: sql
sql_type: mysql
sql_server: "localhost"
sql_database: "ejabberd"
sql_username: "ejabberd"
sql_password: "12345"
Still no luck.
I'm willing to try any other simple tutorial that uses ejabberd to relay messages if someone can recommend one.
admin web interface:
psi+ images:
ejabberd.yml:
###
###' ejabberd configuration file
###
### The parameters used in this configuration file are explained at
###
### https://docs.ejabberd.im/admin/configuration
###
### The configuration file is written in YAML.
### *******************************************************
### ******* !!! WARNING !!! *******
### ******* YAML IS INDENTATION SENSITIVE *******
### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
### *******************************************************
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
### However, ejabberd treats different literals as different types:
###
### - unquoted or single-quoted strings. They are called "atoms".
### Example: dog, 'Jupiter', '3.14159', YELLOW
###
### - numeric literals. Example: 3, -45.0, .0
###
### - quoted or folded strings.
### Examples of quoted string: "Lizzard", "orange".
### Example of folded string:
### > Art thou not Romeo,
### and a Montague?
###
language: "en"
hosts:
- "localhost"
loglevel: 4
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100
certfiles:
- "/Applications/ejabberd-19.05/conf/server.pem"
## - "/etc/letsencrypt/live/localhost/fullchain.pem"
## - "/etc/letsencrypt/live/localhost/privkey.pem"
ca_file: "/Applications/ejabberd-19.05/conf/cacert.pem"
listen:
-
port: 5222
ip: "::"
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
starttls_required: true
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
max_stanza_size: 524288
-
port: 5443
ip: "::"
module: ejabberd_http
tls: true
request_handlers:
"/admin": ejabberd_web_admin
"/api": mod_http_api
"/bosh": mod_bosh
"/captcha": ejabberd_captcha
"/upload": mod_http_upload
"/ws": ejabberd_http_ws
"/oauth": ejabberd_oauth
-
port: 5280
ip: "::"
module: ejabberd_http
request_handlers:
"/admin": ejabberd_web_admin
-
port: 1883
ip: "::"
module: mod_mqtt
backlog: 1000
s2s_use_starttls: optional
acl:
local:
user_regexp: ""
loopback:
ip:
- "127.0.0.0/8"
- "::1/128"
- "::FFFF:127.0.0.1/128"
admin:
user:
- "7stud#localhost"
access_rules:
local:
- allow: local
c2s:
- deny: blocked
- allow
announce:
- allow: admin
configure:
- allow: admin
muc_create:
- allow: local
pubsub_createnode:
- allow: local
trusted_network:
- allow: loopback
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
- access:
- allow:
- acl: loopback
- acl: admin
- oauth:
- scope: "ejabberd:admin"
- access:
- allow:
- acl: loopback
- acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
- ip: "127.0.0.1/8"
what:
- "status"
- "connected_users_number"
shaper:
normal: 1000
fast: 50000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
- 5000: admin
- 100
c2s_shaper:
- none: admin
- normal
s2s_shaper: fast
max_fsm_queue: 10000
acme:
contact: "mailto:7stud#localhost"
ca_url: "https://acme-v01.api.letsencrypt.org"
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
mod_http_upload:
put_url: "https://#HOST#:5443/upload"
mod_last: {}
## mod_mam:
## Mnesia is limited to 2GB, better to use an SQL backend
## For small servers SQLite is a good fit and is very easy
## to configure. Uncomment this when you have SQL configured:
## db_type: sql
## assume_mam_usage: true
## default: always
mod_mqtt: {}
mod_muc:
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
default_room_options:
allow_subscription: true # enable MucSub
## mam: true
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65:
access: local
max_connections: 5
mod_pubsub:
access_createnode: pubsub_createnode
plugins:
- "flat"
- "pep"
force_node_config:
## Avoid buggy clients to make their bookmarks public
"storage:bookmarks":
access_model: whitelist
mod_push: {}
mod_push_keepalive: {}
mod_register:
## Only accept registration requests from the "trusted"
## network (see access_rules section above).
## Think twice before enabling registration from any
## address. See the Jabber SPAM Manifesto for details:
## https://github.com/ge0rg/jabber-spam-fighting-manifesto
ip_access: trusted_network
mod_roster:
versioning: true
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_vcard: {}
mod_vcard_xupdate: {}
mod_version:
show_os: false
### Local Variables:
### mode: yaml
### End:
[1]: https://www.apptha.com/blog/steps-to-build-a-private-one-to-one-chat-app/
[2]: https://docs.ejabberd.im/admin/databases/mysql/
Why does adding the db configuration to ejabberd.yml prevent me from logging into the admin web interface?
As Pouriya said, you first created an account in the Mnesia database. Then you switch to a MySQL database where that account doesn't exist... so create it again, or use export2sql to export the Mnesia content to a SQL file and import it in your SQL database.
Why is the mysql db configuration even necessary? According to the ejabberd docs: ejabberd default backend is Mnesia internal database. I'm perfectly happy to use mnesia (and not have to touch ejabberd.yml).
The internal Mnesia database is enough for small servers (hundreds of concurrent users). If you have a small server, that may be enough. But if you plan to have a big server (thousands or millions of concurrent users), better to use a SQL database. It's also possible to start using Mnesia now for a few months, and switch your content and configuration to SQL once you have a lot of users.
Do I need to configure the default Mnesia database in ebjabberd.yml? How do I do that?
Install ejabberd, change nothing in the configuration file, then Mnesia is used.
Do I actually need to be able to login to the admin web interface to get the tutorial to work?
"To work" is an ambiguous sentence, so I can't answer.
Where do I create an account? In Mysql? In Ejabberd?
In ejabberd, as you did with the first account that was stored in Mnesia.
I have two users who want to pass one message between them, namely "hi".
For two users.... just install ejabberd, register two accounts in ejabberd and that's all.
I am trying to subscribe a test user to a test room using the Ejabberd API. I am sure I just misconfigured something but I can't seem to find the issue.
I am running Ejabberd 16.09 and trying to use mod_http_api
My configuration is the following:
hosts:
- "localhost"
- "my.personal.host"
listen:
-
port: 5285
module: ejabberd_http
request_handlers:
"/api": mod_http_api
acl:
admin:
user:
- "#localhost"
modules:
mod_muc:
mam: true
default_room_options:
allow_subscription: true
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
mod_muc_admin: {}
mod_http_api:
admin_ip_access: admin_ip_access_rule
api_permissions:
"API used from localhost allows all calls":
- who:
- ip: "127.0.0.1/8"
- what:
- "*"
- "!stop"
- "!start"
access:
admin_ip_access_rule:
admin:
- create_room
- register
- subscribe_room
I did successfully create a user test1 and a room testroom1 through the api. I then try to subscribe the user to that rum by a POST with curl:
curl -X POST -H "Cache-Control: no-cache" -d '{"user":"test1#my.personal.host/something","nick":"test1","room":"testroom1#my.persoal.host","nodes":"urn:xmpp:mucsub:nodes:messages"}' "http://localhost:5285/api/subscribe_room"
And yet I get this response:
"Subscriptions are not allowed"
So what am I doing wrong?
Ohh, I found so many problems in your setup with just a quick look:
From what I know, mod_muc doesn't have an option called 'mam'
In the call, the room attribute has a spelling error when it says persoal.
Also, the room JID can't be "testroom1#my.persoal.host", it may be something like "testroom1#conference.my.personal.host"
Try creating the room with a user, then check it is configured correctly (has subscriptions allowed), then try to subscribe with another account. It worked for me with this call:
$ ejabberdctl subscribe_room test2#my.personal.host Test2
testroom1#conference.my.personal.host urn:xmpp:mucsub:nodes:messages
Can some please explain me how to configure ejabberd rest api support, I could not find any sufficient resource regarding this.
I'm using linux (ubuntu 16.04), so till now I've done apt-get -y install ejabberd and please tell me is there any need to change in config file /etc/ejabberd/ejabberd.yml file.
<pre>
listen:
## To handle ejabberd commands using XML-RPC
-
port: 4560
module: ejabberd_xmlrpc
access_commands: {}
-
port: 5280
## ip: "::"
ip: "0.0.0.0"
module: ejabberd_http
request_handlers:
"/websocket": ejabberd_http_ws
# OAuth support:
"/oauth": ejabberd_oauth
# ReST API:
"/api": mod_http_api
## "/pub/archive": mod_http_fileserver
web_admin: true
http_bind: true
register: true
captcha: true
tls: false
certfile: "/etc/ejabberd/ejabberd.pem"
# Allow OAuth authentication and token generation
commands_admin_access: configure
commands:
- add_commands: [user, admin, open]
# Tokens are valid for a year as default:
oauth_expire: 31536000
oauth_access: all
api_permissions:
- "admin access":
- who:
- admin
- what:
- "*"
- "!stop"
</pre>
well, I tried as given in the doc, but when I entered the user, server and password at
http://ipaddress:5280/oauth/authorization_token?response_type=token&client_id=localhost&redirect_uri=http://www.razrcorp.com/&scope=get_roster+sasl_auth
i can see Authorization request Application localhost wants to access scope get_roster sasl_auth
but when i fill from user - test#localhost server - ipaddress password - test
It redirect to http://ipaddress:5280/oauth/authorization_token with response
This page isn’t working
ipaddress didn’t send any data.
ERR_EMPTY_RESPONSE
If check the logs it says
2018-04-06 11:33:49.136 [error] <0.671.0> CRASH REPORT Process <0.671.0> with 0 neighbours crashed with reason: call to undefined function oauth2:authorize_password({<<"test#localh
ost">>,<<"35.18.18.32">>}, <<"localhost">>, <<"http://www.razrcorp.com/">>, [<<"get_roster">>,<<"sasl_auth">>], {password,<<"test">>})
You are missing the oauth2 modules in your installation. It seems the package you are using may be incorrect. Maybe you should try with ProcessOne packages: https://www.process-one.net/en/ejabberd/downloads/
They should be complete and contains all the required dependencies.
I am trying to interface with ejabberdctl remotely so my nodeJS client can send commands to a remote jabber server, using the mod_restful plugin with the ejabberd REST API. I am able to send a request using postman to test, with admin user and password sent in the header of the POST requests. I have edited my ejabberd.yml to include:
api_permissions:
"API used from localhost allows all calls":
- who:
- ip: "127.0.0.1/8"
- what:
- "*"
commands_admin_access:
- allow:
- user: "admin#localhost"
commands:
- "*"
- create_room: "*"
- register: "*"
# Tokens are valid for a year as default:
auth_expire: 31536000
oauth_access: all
and my ejabberd.cfg config file includes:
{mod_restful, [
{api,
[
{["admin"], mod_restful_admin, [
{key, "secret"},
{allowed_commands, [register, unregister,create_room]}
]},
{["register"], mod_restful_register, [{key, "secret"}]}
]}
]}
I am accessing my admin api at /api/admin and for some reason all the commands i try are succesfully authenticating, but I continually receive the error as response in postman:
"command_unknown"
I must have just incorrectly configured something, but I'm really not sure what. Im a bit confused of the overlap of settings between the YML and CFG files.