Ejabberd oauth is not generating token - ejabberd

Can some please explain me how to configure ejabberd rest api support, I could not find any sufficient resource regarding this.
I'm using linux (ubuntu 16.04), so till now I've done apt-get -y install ejabberd and please tell me is there any need to change in config file /etc/ejabberd/ejabberd.yml file.
<pre>
listen:
## To handle ejabberd commands using XML-RPC
-
port: 4560
module: ejabberd_xmlrpc
access_commands: {}
-
port: 5280
## ip: "::"
ip: "0.0.0.0"
module: ejabberd_http
request_handlers:
"/websocket": ejabberd_http_ws
# OAuth support:
"/oauth": ejabberd_oauth
# ReST API:
"/api": mod_http_api
## "/pub/archive": mod_http_fileserver
web_admin: true
http_bind: true
register: true
captcha: true
tls: false
certfile: "/etc/ejabberd/ejabberd.pem"
# Allow OAuth authentication and token generation
commands_admin_access: configure
commands:
- add_commands: [user, admin, open]
# Tokens are valid for a year as default:
oauth_expire: 31536000
oauth_access: all
api_permissions:
- "admin access":
- who:
- admin
- what:
- "*"
- "!stop"
</pre>
well, I tried as given in the doc, but when I entered the user, server and password at
http://ipaddress:5280/oauth/authorization_token?response_type=token&client_id=localhost&redirect_uri=http://www.razrcorp.com/&scope=get_roster+sasl_auth
i can see Authorization request Application localhost wants to access scope get_roster sasl_auth
but when i fill from user - test#localhost server - ipaddress password - test
It redirect to http://ipaddress:5280/oauth/authorization_token with response
This page isn’t working
ipaddress didn’t send any data.
ERR_EMPTY_RESPONSE
If check the logs it says
2018-04-06 11:33:49.136 [error] <0.671.0> CRASH REPORT Process <0.671.0> with 0 neighbours crashed with reason: call to undefined function oauth2:authorize_password({<<"test#localh
ost">>,<<"35.18.18.32">>}, <<"localhost">>, <<"http://www.razrcorp.com/">>, [<<"get_roster">>,<<"sasl_auth">>], {password,<<"test">>})

You are missing the oauth2 modules in your installation. It seems the package you are using may be incorrect. Maybe you should try with ProcessOne packages: https://www.process-one.net/en/ejabberd/downloads/
They should be complete and contains all the required dependencies.

Related

Can't get One to One chat to work with ejabberd and XMPP client Psi+

Mac OSX 10.13.6
ejabberd 19.05
I used an installer to install ejabberd, and when prompted I entered the following information:
ejabberd server domain: localhost
administrator username: 7stud
administrator password: blahblah
I'm following the tutorial: How to Build One to One Chat App Using Ejabberd & Erlang from Scratch?.
If I start ejabberd by clicking on the start executable in the ejabberd-19.05/bin directory, ejabberd starts up, and a web page opens up in my browser. I can then login to the admin web interface.
But, the tutorial directs me to add the following to ejabberd.yml:
auth_method: sql
sql_type: mysql
sql_server: "localhost"
sql_database: "chat"
sql_username: "root"
sql_password: ""
(For my mysql setup the root user has no password--I just hit return when prompted for the password)
After doing that, if I stop ejabberd, then start ejabberd again, I can no longer login to the admin page.
I have two questions:
Why does adding the db configuration to ejabberd.yml prevent me from logging into the admin web interface?
Why is the mysql db configuration even necessary? According to the ejabberd docs: ejabberd default backend is Mnesia internal database. I'm perfectly happy to use mnesia (and not have to touch ejabberd.yml).
I completed the rest of the tutorial both with the mysql db config stuff in ejabberd.yml and without, but neither User1 nor User2 received a message sent by the other user, so for some reason my ejabberd setup is not working. I also tried configuring another mysql db by following the ejabberd database docs:
auth_method: sql
sql_type: mysql
sql_server: "localhost"
sql_database: "ejabberd"
sql_username: "ejabberd"
sql_password: "12345"
Still no luck.
I'm willing to try any other simple tutorial that uses ejabberd to relay messages if someone can recommend one.
admin web interface:
psi+ images:
ejabberd.yml:
###
###' ejabberd configuration file
###
### The parameters used in this configuration file are explained at
###
### https://docs.ejabberd.im/admin/configuration
###
### The configuration file is written in YAML.
### *******************************************************
### ******* !!! WARNING !!! *******
### ******* YAML IS INDENTATION SENSITIVE *******
### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
### *******************************************************
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
### However, ejabberd treats different literals as different types:
###
### - unquoted or single-quoted strings. They are called "atoms".
### Example: dog, 'Jupiter', '3.14159', YELLOW
###
### - numeric literals. Example: 3, -45.0, .0
###
### - quoted or folded strings.
### Examples of quoted string: "Lizzard", "orange".
### Example of folded string:
### > Art thou not Romeo,
### and a Montague?
###
language: "en"
hosts:
- "localhost"
loglevel: 4
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100
certfiles:
- "/Applications/ejabberd-19.05/conf/server.pem"
## - "/etc/letsencrypt/live/localhost/fullchain.pem"
## - "/etc/letsencrypt/live/localhost/privkey.pem"
ca_file: "/Applications/ejabberd-19.05/conf/cacert.pem"
listen:
-
port: 5222
ip: "::"
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
starttls_required: true
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
max_stanza_size: 524288
-
port: 5443
ip: "::"
module: ejabberd_http
tls: true
request_handlers:
"/admin": ejabberd_web_admin
"/api": mod_http_api
"/bosh": mod_bosh
"/captcha": ejabberd_captcha
"/upload": mod_http_upload
"/ws": ejabberd_http_ws
"/oauth": ejabberd_oauth
-
port: 5280
ip: "::"
module: ejabberd_http
request_handlers:
"/admin": ejabberd_web_admin
-
port: 1883
ip: "::"
module: mod_mqtt
backlog: 1000
s2s_use_starttls: optional
acl:
local:
user_regexp: ""
loopback:
ip:
- "127.0.0.0/8"
- "::1/128"
- "::FFFF:127.0.0.1/128"
admin:
user:
- "7stud#localhost"
access_rules:
local:
- allow: local
c2s:
- deny: blocked
- allow
announce:
- allow: admin
configure:
- allow: admin
muc_create:
- allow: local
pubsub_createnode:
- allow: local
trusted_network:
- allow: loopback
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
- access:
- allow:
- acl: loopback
- acl: admin
- oauth:
- scope: "ejabberd:admin"
- access:
- allow:
- acl: loopback
- acl: admin
what:
- "*"
- "!stop"
- "!start"
"public commands":
who:
- ip: "127.0.0.1/8"
what:
- "status"
- "connected_users_number"
shaper:
normal: 1000
fast: 50000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
- 5000: admin
- 100
c2s_shaper:
- none: admin
- normal
s2s_shaper: fast
max_fsm_queue: 10000
acme:
contact: "mailto:7stud#localhost"
ca_url: "https://acme-v01.api.letsencrypt.org"
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
mod_http_upload:
put_url: "https://#HOST#:5443/upload"
mod_last: {}
## mod_mam:
## Mnesia is limited to 2GB, better to use an SQL backend
## For small servers SQLite is a good fit and is very easy
## to configure. Uncomment this when you have SQL configured:
## db_type: sql
## assume_mam_usage: true
## default: always
mod_mqtt: {}
mod_muc:
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
default_room_options:
allow_subscription: true # enable MucSub
## mam: true
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65:
access: local
max_connections: 5
mod_pubsub:
access_createnode: pubsub_createnode
plugins:
- "flat"
- "pep"
force_node_config:
## Avoid buggy clients to make their bookmarks public
"storage:bookmarks":
access_model: whitelist
mod_push: {}
mod_push_keepalive: {}
mod_register:
## Only accept registration requests from the "trusted"
## network (see access_rules section above).
## Think twice before enabling registration from any
## address. See the Jabber SPAM Manifesto for details:
## https://github.com/ge0rg/jabber-spam-fighting-manifesto
ip_access: trusted_network
mod_roster:
versioning: true
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stream_mgmt:
resend_on_timeout: if_offline
mod_vcard: {}
mod_vcard_xupdate: {}
mod_version:
show_os: false
### Local Variables:
### mode: yaml
### End:
[1]: https://www.apptha.com/blog/steps-to-build-a-private-one-to-one-chat-app/
[2]: https://docs.ejabberd.im/admin/databases/mysql/
Why does adding the db configuration to ejabberd.yml prevent me from logging into the admin web interface?
As Pouriya said, you first created an account in the Mnesia database. Then you switch to a MySQL database where that account doesn't exist... so create it again, or use export2sql to export the Mnesia content to a SQL file and import it in your SQL database.
Why is the mysql db configuration even necessary? According to the ejabberd docs: ejabberd default backend is Mnesia internal database. I'm perfectly happy to use mnesia (and not have to touch ejabberd.yml).
The internal Mnesia database is enough for small servers (hundreds of concurrent users). If you have a small server, that may be enough. But if you plan to have a big server (thousands or millions of concurrent users), better to use a SQL database. It's also possible to start using Mnesia now for a few months, and switch your content and configuration to SQL once you have a lot of users.
Do I need to configure the default Mnesia database in ebjabberd.yml? How do I do that?
Install ejabberd, change nothing in the configuration file, then Mnesia is used.
Do I actually need to be able to login to the admin web interface to get the tutorial to work?
"To work" is an ambiguous sentence, so I can't answer.
Where do I create an account? In Mysql? In Ejabberd?
In ejabberd, as you did with the first account that was stored in Mnesia.
I have two users who want to pass one message between them, namely "hi".
For two users.... just install ejabberd, register two accounts in ejabberd and that's all.

Ejabberd trying to subscribe a user through api

I am trying to subscribe a test user to a test room using the Ejabberd API. I am sure I just misconfigured something but I can't seem to find the issue.
I am running Ejabberd 16.09 and trying to use mod_http_api
My configuration is the following:
hosts:
- "localhost"
- "my.personal.host"
listen:
-
port: 5285
module: ejabberd_http
request_handlers:
"/api": mod_http_api
acl:
admin:
user:
- "#localhost"
modules:
mod_muc:
mam: true
default_room_options:
allow_subscription: true
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
mod_muc_admin: {}
mod_http_api:
admin_ip_access: admin_ip_access_rule
api_permissions:
"API used from localhost allows all calls":
- who:
- ip: "127.0.0.1/8"
- what:
- "*"
- "!stop"
- "!start"
access:
admin_ip_access_rule:
admin:
- create_room
- register
- subscribe_room
I did successfully create a user test1 and a room testroom1 through the api. I then try to subscribe the user to that rum by a POST with curl:
curl -X POST -H "Cache-Control: no-cache" -d '{"user":"test1#my.personal.host/something","nick":"test1","room":"testroom1#my.persoal.host","nodes":"urn:xmpp:mucsub:nodes:messages"}' "http://localhost:5285/api/subscribe_room"
And yet I get this response:
"Subscriptions are not allowed"
So what am I doing wrong?
Ohh, I found so many problems in your setup with just a quick look:
From what I know, mod_muc doesn't have an option called 'mam'
In the call, the room attribute has a spelling error when it says persoal.
Also, the room JID can't be "testroom1#my.persoal.host", it may be something like "testroom1#conference.my.personal.host"
Try creating the room with a user, then check it is configured correctly (has subscriptions allowed), then try to subscribe with another account. It worked for me with this call:
$ ejabberdctl subscribe_room test2#my.personal.host Test2
testroom1#conference.my.personal.host urn:xmpp:mucsub:nodes:messages

Web administration of Ejabberd with virtual box and external authentication

sorry for my long question. Just to figure out the scenario.
I have an Ubuntu host machine where I installed VirtualBox and an Ubuntu guest VM box. The guest has IP address 192.168.56.101. Here I installed a LAMP server with a Web platform written in PHP, and Ejabberd 16.01
Here it is my /etc/hosts on the host machine:
192.168.56.101 localmessage.my.website
When Ejabberd uses internal authorization, I have no problems. The Ejabberd Web administration panel is reachable by host machine like a charm (through URL https://localmessage.my.website:5280/admin).
After that, I tried to exploit the mySQL database of Web platform for Ejabberd's external authentication. I implemented a PHP file (check_mysql.php) starting from https://github.com/leesherwood/ejabberd-php-auth. I saved it into /var/www directory of guest machine, I set its owner to ejabberd:ejabberd and enabled execute permissions.
When I tested the solution by command line (by running php /var/www/check_mysql.php and then writing to the prompt 00auth:username:servername:password, by getting inspirations from https://github.com/leesherwood/ejabberd-php-auth/tree/master/examples/Collection), it works.
But, when I try to reach the Ejabberd's Web admin panel from host machine, I receive authorization error and a loop of requesting admin credentials.
Here is the /etc/ejabberd/ejabberd.yml configuration file on guest machine:
loglevel: 4
log_rotate_size: 0
log_rotate_date: ""
log_rate_limit: 100
hosts:
- "localhost"
- "localmessage.my.website"
listen:
-
port: 5222
ip: "::"
module: ejabberd_c2s
certfile: "/etc/ejabberd/ejabberd.pem"
starttls: true
protocol_options:
- "no_sslv3"
## - "no_tlsv1"
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
zlib: true
resend_on_timeout: if_offline
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
-
port: 5280
ip: "::"
module: ejabberd_http
request_handlers:
"/websocket": ejabberd_http_ws
## "/pub/archive": mod_http_fileserver
web_admin: true
http_bind: true
## register: true
captcha: true
tls: true
certfile: "/etc/ejabberd/ejabberd.pem"
disable_sasl_mechanisms: "digest-md5"
s2s_use_starttls: optional
s2s_certfile: "/etc/ejabberd/ejabberd.pem"
s2s_protocol_options:
- "no_sslv3"
auth_password_format: plain
auth_method: external
extauth_program: "/var/www/check_mysql.php"
shaper:
normal: 1000
fast: 50000
max_fsm_queue: 1000
acl:
admin:
user:
- "admin": "localhost"
local:
user_regexp: ""
loopback:
ip:
- "127.0.0.0/8"
access:
max_user_sessions:
all: 10
max_user_offline_messages:
admin: 5000
all: 100
local:
local: allow
c2s:
blocked: deny
all: allow
c2s_shaper:
admin: none
all: normal
s2s_shaper:
all: fast
announce:
admin: allow
configure:
admin: allow
muc_admin:
admin: allow
muc_create:
local: allow
muc:
all: allow
pubsub_createnode:
local: allow
register:
all: allow
trusted_network:
loopback: allow
language: "en"
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce: # recommends mod_adhoc
access: announce
mod_blocking: {} # requires mod_privacy
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {} # requires mod_adhoc
mod_disco: {}
mod_echo: {}
mod_irc: {}
mod_http_bind: {}
## mod_http_fileserver:
## docroot: "/var/www"
## accesslog: "/var/log/ejabberd/access.log"
mod_last: {}
mod_muc:
## host: "conference.#HOST#"
access: muc
access_create: muc_create
access_persistent: muc_create
access_admin: muc_admin
## mod_muc_log: {}
mod_muc_admin: {}
## mod_multicast: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
## mod_pres_counter:
## count: 5
## interval: 60
mod_privacy: {}
mod_private: {}
## mod_proxy65: {}
mod_pubsub:
access_createnode: pubsub_createnode
ignore_pep_from_offline: true
last_item_cache: false
plugins:
- "flat"
- "hometree"
- "pep" # pep requires mod_caps
mod_register:
welcome_message:
subject: "Welcome!"
body: |-
Hi.
Welcome to this XMPP server.
ip_access: trusted_network
access: register
mod_roster: {}
mod_shared_roster: {}
mod_stats: {}
mod_time: {}
mod_vcard:
search: false
mod_version: {}
allow_contrib_modules: true
Could you figure out the reason of this error, please?
EDIT 1
I checked comments of #Badlop. I had already set +x for owner, group and other users. After #Badlop suggestions, I have set loglevel to 5, and tried the ejabberdctl command. Here is the result (unfortunately I have to link a screenshot on my GoogleDrive): https://drive.google.com/open?id=1_jWJeulge_q6XYeM3hTGzbavRjjWp19s
Could someone figure out the reason, please?
EDIT 2
With the Perl script provided by Ejabberd, as well as with my script, I run the command
ejabberdctl check_password user1 localhost mypass11
I obtain the same error as previously depicted in Edit 1.
Obviously, I assigned the ejabberd:ejabberd owning, and enabled +x for user, group and others, to each one of the scripts.
I inspected the /var/log/ejabberd/error.log and /var/log/ejabberd.log. Both reports the same error:
#extauth:loop:142 extauth script has exitted abruptly with reason 'normal'
I moved the Perl as well as my PHP script within the folder /etc/ejabberd. Same error.
Please, help. Thanks
When I tested the solution by command line [...], it works.
And, if you check auth with this command, is it accepted (returns 0) or rejected (returns 1)?
$ ejabberdctl check_password user1 localhost mypass11
$ echo $?
0
Notice that ejabberd does not execute "php yourscript.php", it executes directly "yourscript.php". This means that your script must be an executable file, and the system user that runs ejabberd must have permissions to execute that file. For testing, you can grant everybody permissions to execute that file. Also, set ejabberd loglevel to 5, it may provide some clue about your problem.
There is some problem in the script, or at least in how ejabberd connects to it. Try using the small example script included with ejabberd, written in Perl. If that works, see how the script and ejabberd behave. Then use your custom script, or the one where you are basing yours, and see the differences.

Issue with ejabberd status after making changes in ejabberd.yml file

I installed ejabberd using
root#arun-pc:/home/arun# apt-get install ejabberd
Here is my /etc/hosts file
**127.0.0.1 localhost**
**172.30.13.130 arun-pc.pratian.com**
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
And here is my configuration of ejabbered.yml under listening port section
listen:
-
port: 6222
ip: "::"
module: ejabberd_c2s
##
## If TLS is compiled in and you installed a SSL
## certificate, specify the full path to the
## file and uncomment these lines:
##
certfile: "/etc/ejabberd/ejabberd.pem"
starttls: true
##
## To enforce TLS encryption for client connections,
## use this instead of the "starttls" option:
##
## starttls_required: true
##
## Custom OpenSSL options
##
protocol_options:
- "no_sslv3"
## - "no_tlsv1"
max_stanza_size: 65536
shaper: c2s_shaper
access: c2s
zlib: true
resend_on_timeout: if_offline
-
port: 6269
ip: "::"
module: ejabberd_s2s_in
Later I registered admin using this command
1. **ejabberdctl register admin arun-pc.pratian.com password**
User admin#arun-pc.pratian.com successfully registered
2. Later I added this in ejabberd.yml for ACL rights for admin
acl:
admin:
user:
- "admin#arun-pc.pratian.com"
After these changes I restart ejabberd using command ejabberdctl start
It successfully restarted and when i checked the status using command
**root#arun-pc:/home/arun#ejabberd status**
here is the image of the issuse that i am facing
[Issue after changes][1]
[1]: https://i.stack.imgur.com/AFXaw.png

ejabberd mod_restful command unknown

I am trying to interface with ejabberdctl remotely so my nodeJS client can send commands to a remote jabber server, using the mod_restful plugin with the ejabberd REST API. I am able to send a request using postman to test, with admin user and password sent in the header of the POST requests. I have edited my ejabberd.yml to include:
api_permissions:
"API used from localhost allows all calls":
- who:
- ip: "127.0.0.1/8"
- what:
- "*"
commands_admin_access:
- allow:
- user: "admin#localhost"
commands:
- "*"
- create_room: "*"
- register: "*"
# Tokens are valid for a year as default:
auth_expire: 31536000
oauth_access: all
and my ejabberd.cfg config file includes:
{mod_restful, [
{api,
[
{["admin"], mod_restful_admin, [
{key, "secret"},
{allowed_commands, [register, unregister,create_room]}
]},
{["register"], mod_restful_register, [{key, "secret"}]}
]}
]}
I am accessing my admin api at /api/admin and for some reason all the commands i try are succesfully authenticating, but I continually receive the error as response in postman:
"command_unknown"
I must have just incorrectly configured something, but I'm really not sure what. Im a bit confused of the overlap of settings between the YML and CFG files.