Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ejabberd_auth_http: fusco_lib.erl deprecation warnings #338

Open
pl-bamboo opened this issue Oct 10, 2024 · 3 comments
Open

ejabberd_auth_http: fusco_lib.erl deprecation warnings #338

pl-bamboo opened this issue Oct 10, 2024 · 3 comments

Comments

@pl-bamboo
Copy link

on the ejabberd-24

ejabberd  | /opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/deps/fusco/src/fusco_lib.erl:273:22: Warning: http_uri:decode/1 is deprecated and will be removed in OTP 27; use uri_string:unquote function instead
ejabberd  | %  273|                     {http_uri:decode(User), "", HostPortPath};
ejabberd  | %     |                      ^
ejabberd  | 
ejabberd  | /opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/deps/fusco/src/fusco_lib.erl:275:22: Warning: http_uri:decode/1 is deprecated and will be removed in OTP 27; use uri_string:unquote function instead
ejabberd  | %  275|                     {http_uri:decode(User), http_uri:decode(Passwd),
ejabberd  | %     |                      ^
ejabberd  | 
ejabberd  | /opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/deps/fusco/src/fusco_lib.erl:275:45: Warning: http_uri:decode/1 is deprecated and will be removed in OTP 27; use uri_string:unquote function instead
ejabberd  | %  275|                     {http_uri:decode(User), http_uri:decode(Passwd),
ejabberd  | %     |                                             ^
@badlop
Copy link
Member

badlop commented Oct 10, 2024

ejabberd_auth_http depends on the fusco library, which was last updated 3 years ago... So it's to be expected that it isn't up to date with recent changes. There is no fork with that fixed. Fortunately it's a warning, and will work with Erlang/OTP 26 which is still the recommended version for some months.

Other than that, does ejabberd_auth_http work correctly for you?

@pl-bamboo
Copy link
Author

pl-bamboo commented Oct 14, 2024
edited
Loading

Thanks for explanation!

Also, I'm having some problems integrating the ejabberd_auth_http plugin.
I have installed ejabberd to on-premise host behind Nginx, which terminates my ssl with *.mydomain.com wildcard certificate.
My authentication server is on another host.
I have only enabled port 5280 and am referring to a self-signed certificate, which is probably unnecessary (I also put my certificate in the container and got the same result)
When I call:
curl -u 'anonymous@ejabberd.mydomain.com:anonymous' https://ejabberd.mydomain.com/api/user_exists -L
it was return in logs:

ejabberd  | 08:21:34.364 [debug] Bad Request: {:badmatch,
ejabberd  |  {:error,
ejabberd  |   {:options, :incompatible, [verify: :verify_peer, cacerts: :undefined]}}} [
ejabberd  |   {:ejabberd_auth_http, :http_request, 6,
ejabberd  |    [
ejabberd  |      file: ~c"/opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/src/ejabberd_auth_http.erl",
ejabberd  |      line: 230
ejabberd  |    ]},
ejabberd  |   {:ejabberd_auth_http, :check_password, 4,
ejabberd  |    [
ejabberd  |      file: ~c"/opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/src/ejabberd_auth_http.erl",
ejabberd  |      line: 64
ejabberd  |    ]},
ejabberd  |   {:ejabberd_auth, :db_check_password, 7,
ejabberd  |    [file: ~c"src/ejabberd_auth.erl", line: 724]},
ejabberd  |   {:ejabberd_auth, :"-check_password_with_authmodule/6-fun-0-", 8,
ejabberd  |    [file: ~c"src/ejabberd_auth.erl", line: 252]},
ejabberd  |   {:lists, :foldl, 3, [file: ~c"lists.erl", line: 1594]},
ejabberd  |   {:ejabberd_auth, :check_password_with_authmodule, 6,
ejabberd  |    [file: ~c"src/ejabberd_auth.erl", line: 250]},
ejabberd  |   {:ejabberd_auth, :check_password, 6,
ejabberd  |    [file: ~c"src/ejabberd_auth.erl", line: 225]},
ejabberd  |   {:mod_http_api, :extract_auth, 1, [file: ~c"src/mod_http_api.erl", line: 99]}
ejabberd  | ]

When I try to use http endpoint instead of https its return me only 301 responce code without redirection:

ejabberd  | 08:20:48.739 [debug] Request result: 301: "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body>\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
ejabberd  | 
ejabberd  | 08:20:48.769 [debug] Request result: 301: "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body>\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
ejabberd  | 
ejabberd  | 08:20:48.799 [debug] Request result: 301: "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body>\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
ejabberd  | 
ejabberd  | 08:20:48.829 [debug] Request result: 301: "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body>\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
ejabberd  | 
ejabberd  | 08:20:48.858 [debug] Request result: 301: "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body>\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"

Could you please tell me what I'm doing wrong

ejabberd.yml

hosts:
  - localhost
  - "ejabberd.mydomain.com"
  
certfiles:
  - /home/ejabberd/conf/server.pem

ca_file: "/home/ejabberd/conf/cacert.pem"

...
install_contrib_modules:
  - ejabberd_auth_http

auth_method: http
auth_opts:
  host: "http://ejabberd-auth.mydomain.com"
  path_prefix: "/api/v1/"

listen:  
   -
    port: 5280
    ip: "::"
    module: ejabberd_http
    request_handlers:
      "/admin": ejabberd_web_admin
      "/api": mod_http_api
      "/bosh": mod_bosh
      "/captcha": ejabberd_captcha
      "/upload": mod_http_upload
      "/ws": ejabberd_http_ws
      "/oauth": ejabberd_oauth
      "/register": mod_register_web
      "/conversejs": mod_conversejs
      "/xmlrpc": ejabberd_xmlrpc
      
...

docker-compose.yml

services:
main:
  image: ghcr.io/processone/ejabberd:24.07
  container_name: ejabberd
  environment:
    - CTL_ON_START=module_install ejabberd_auth_http
  ports:
    - "5280:5280"
  volumes:
    - ./ejabberd.yml:/opt/ejabberd/conf/ejabberd.yml:ro
    - ./database:/opt/ejabberd/database
    - ./package:/opt/ejabberd/conversejs/package
full logs 
ejabberd  | 
ejabberd  | 08:43:31.757 [info] Loading configuration from /opt/ejabberd/conf/ejabberd.yml
ejabberd  | I'll download "fusco" using git because I can't use Mix to fetch from hex.pm:
ejabberd  | Runtime terminating during boot ({'cannot get bootfile','/opt/ejabberd-24.07/bin/start.boot'})
ejabberd  | 
ejabberd  | Crash dump is being written to: /opt/ejabberd/logs/erl_crash_20241014-084331.dump...done
ejabberd  | Fetching dependency cuesport: Cloning into 'cuesport'...
ejabberd  | Fetching dependency fusco: Cloning into 'fusco'...
ejabberd  | /opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/deps/fusco/src/fusco_lib.erl:273:22: Warning: http_uri:decode/1 is deprecated and will be removed in OTP 27; use uri_string:unquote function instead
ejabberd  | %  273|                     {http_uri:decode(User), "", HostPortPath};
ejabberd  | %     |                      ^
ejabberd  | 
ejabberd  | /opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/deps/fusco/src/fusco_lib.erl:275:22: Warning: http_uri:decode/1 is deprecated and will be removed in OTP 27; use uri_string:unquote function instead
ejabberd  | %  275|                     {http_uri:decode(User), http_uri:decode(Passwd),
ejabberd  | %     |                      ^
ejabberd  | 
ejabberd  | /opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/deps/fusco/src/fusco_lib.erl:275:45: Warning: http_uri:decode/1 is deprecated and will be removed in OTP 27; use uri_string:unquote function instead
ejabberd  | %  275|                     {http_uri:decode(User), http_uri:decode(Passwd),
ejabberd  | %     |                                             ^
ejabberd  | 
ejabberd  | Module ejabberd_auth_http has been installed.
ejabberd  | Now you can configure it in your ejabberd.yml
ejabberd  | I'll download "fusco" using git because I can't use Mix to fetch from hex.pm:
ejabberd  | Runtime terminating during boot ({'cannot get bootfile','/opt/ejabberd-24.07/bin/start.boot'})
ejabberd  | 
ejabberd  | Crash dump is being written to: /opt/ejabberd/logs/erl_crash_20241014-084331.dump...done
ejabberd  | 
ejabberd  | 08:43:33.825 [info] Configuration loaded successfully
ejabberd  | 
ejabberd  | 08:43:33.923 [debug] Waiting for Mnesia tables synchronization...
ejabberd  | 
ejabberd  | 08:43:33.935 [debug] No custom Mnesia schema file found at /opt/ejabberd/database/ejabberd.schema
ejabberd  | 
ejabberd  | 08:43:33.939 [info] Got no NOTIFY_SOCKET, notifications disabled
ejabberd  | 
ejabberd  | 08:43:33.988 [debug] Loading access rules from config
ejabberd  | 
ejabberd  | 08:43:33.988 [debug] Access rules loaded successfully
ejabberd  | 
ejabberd  | 08:43:33.988 [debug] Loading shaper rules from config
ejabberd  | 
ejabberd  | 08:43:33.988 [debug] Shaper rules loaded successfully
ejabberd  | 
ejabberd  | 08:43:34.008 [debug] Route registered: localhost
ejabberd  | 
ejabberd  | 08:43:34.008 [debug] Route registered: ejabberd.mydomain.com
ejabberd  | I'll download "fusco" using git because I can't use Mix to fetch from hex.pm:
ejabberd  | Runtime terminating during boot ({'cannot get bootfile','/opt/ejabberd-24.07/bin/start.boot'})
ejabberd  | 
ejabberd  | Crash dump is being written to: /opt/ejabberd/logs/erl_crash_20241014-084331.dump...done
ejabberd  | 
ejabberd  | 08:43:34.182 [info] Loading modules for localhost and ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.182 [debug] Loading mod_adhoc at localhost
ejabberd  | 
ejabberd  | 08:43:34.182 [debug] Loading mod_ping at localhost
ejabberd  | 
ejabberd  | 08:43:34.184 [debug] Loading mod_mam at localhost
ejabberd  | 
ejabberd  | 08:43:34.185 [warning] Mnesia backend for mod_mam is not recommended: it's limited to 2GB and often gets corrupted when reaching this limit. SQL backend is recommended. Namely, for small servers SQLite is a preferred choice because it's very easy to configure.
ejabberd  | 
ejabberd  | 08:43:34.189 [debug] Loading mod_announce at localhost
ejabberd  | 
ejabberd  | 08:43:34.195 [debug] Loading mod_offline at localhost
ejabberd  | 
ejabberd  | 08:43:34.201 [debug] Loading mod_admin_extra at localhost
ejabberd  | 
ejabberd  | 08:43:34.202 [debug] Loading mod_caps at localhost
ejabberd  | 
ejabberd  | 08:43:34.212 [debug] Loading mod_pubsub at localhost
ejabberd  | 
ejabberd  | 08:43:34.213 [debug] Route registered: pubsub.localhost
ejabberd  | 
ejabberd  | 08:43:34.215 [debug] Loading mod_version at localhost
ejabberd  | 
ejabberd  | 08:43:34.215 [debug] Loading mod_register at localhost
ejabberd  | 
ejabberd  | 08:43:34.215 [debug] Loading mod_client_state at localhost
ejabberd  | 
ejabberd  | 08:43:34.216 [debug] Loading mod_roster at localhost
ejabberd  | 
ejabberd  | 08:43:34.232 [debug] Loading mod_http_upload at localhost
ejabberd  | 
ejabberd  | 08:43:34.233 [debug] Route registered: upload.localhost
ejabberd  | 
ejabberd  | 08:43:34.233 [debug] Loading mod_sip at localhost
ejabberd  | 
ejabberd  | 08:43:34.235 [debug] Loading mod_http_api at localhost
ejabberd  | 
ejabberd  | 08:43:34.236 [debug] Loading mod_s2s_dialback at localhost
ejabberd  | 
ejabberd  | 08:43:34.236 [debug] Loading mod_stream_mgmt at localhost
ejabberd  | 
ejabberd  | 08:43:34.241 [debug] Loading mod_carboncopy at localhost
ejabberd  | 
ejabberd  | 08:43:34.241 [debug] Loading mod_fail2ban at localhost
ejabberd  | 
ejabberd  | 08:43:34.241 [debug] Loading mod_shared_roster at localhost
ejabberd  | 
ejabberd  | 08:43:34.247 [debug] Loading mod_muc at localhost
ejabberd  | 
ejabberd  | 08:43:34.258 [debug] Route registered: conference.localhost
ejabberd  | 
ejabberd  | 08:43:34.260 [debug] Loading rooms at conference.localhost
ejabberd  | 
ejabberd  | 08:43:34.260 [debug] Loading mod_muc_admin at localhost
ejabberd  | 
ejabberd  | 08:43:34.260 [debug] Loading mod_private at localhost
ejabberd  | 
ejabberd  | 08:43:34.268 [debug] Loading mod_privacy at localhost
ejabberd  | 
ejabberd  | 08:43:34.281 [debug] Loading mod_disco at localhost
ejabberd  | 
ejabberd  | 08:43:34.282 [debug] Loading mod_vcard at localhost
ejabberd  | 
ejabberd  | 08:43:34.289 [debug] Loading mod_vcard_xupdate at localhost
ejabberd  | 
ejabberd  | 08:43:34.295 [debug] Loading mod_avatar at localhost
ejabberd  | 
ejabberd  | 08:43:34.295 [debug] Loading mod_blocking at localhost
ejabberd  | 
ejabberd  | 08:43:34.295 [debug] Loading mod_bosh at localhost
ejabberd  | 
ejabberd  | 08:43:34.295 [debug] Loading mod_push at localhost
ejabberd  | 
ejabberd  | 08:43:34.302 [debug] Loading mod_push_keepalive at localhost
ejabberd  | 
ejabberd  | 08:43:34.302 [debug] Loading mod_last at localhost
ejabberd  | 
ejabberd  | 08:43:34.309 [debug] Loading mod_configure at localhost
ejabberd  | 
ejabberd  | 08:43:34.309 [debug] Loading mod_mqtt at localhost
ejabberd  | 
ejabberd  | 08:43:34.318 [info] Building MQTT cache for localhost, this may take a while
ejabberd  | 
ejabberd  | 08:43:34.318 [debug] Loading mod_proxy65 at localhost
ejabberd  | 
ejabberd  | 08:43:34.322 [debug] Route registered: proxy.localhost
ejabberd  | 
ejabberd  | 08:43:34.322 [debug] Loading mod_adhoc at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.322 [debug] Loading mod_conversejs at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.322 [debug] Loading mod_ping at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.322 [debug] Loading mod_mam at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.322 [warning] Mnesia backend for mod_mam is not recommended: it's limited to 2GB and often gets corrupted when reaching this limit. SQL backend is recommended. Namely, for small servers SQLite is a preferred choice because it's very easy to configure.
ejabberd  | 
ejabberd  | 08:43:34.323 [debug] Loading mod_announce at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.323 [debug] Loading mod_offline at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.323 [debug] Loading mod_admin_extra at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.323 [debug] Loading mod_caps at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.324 [debug] Loading mod_pubsub at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.324 [debug] Route registered: pubsub.ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.324 [debug] Loading mod_version at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.324 [debug] Loading mod_register at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.324 [debug] Loading mod_client_state at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.324 [debug] Loading mod_roster at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.325 [debug] Loading mod_http_upload at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.325 [debug] Route registered: upload.ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.325 [debug] Loading mod_sip at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.325 [debug] Loading mod_http_api at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.325 [debug] Loading mod_s2s_dialback at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.325 [debug] Loading mod_stream_mgmt at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.325 [debug] Loading mod_carboncopy at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.325 [debug] Loading mod_fail2ban at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.326 [debug] Loading mod_shared_roster at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.326 [debug] Loading mod_muc at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.326 [debug] Route registered: conference.ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.327 [debug] Loading rooms at conference.ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.327 [debug] Loading mod_muc_admin at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.327 [debug] Loading mod_private at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.327 [debug] Loading mod_privacy at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.327 [debug] Loading mod_disco at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.327 [debug] Loading mod_vcard at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.327 [debug] Loading mod_vcard_xupdate at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.328 [debug] Loading mod_avatar at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.328 [debug] Loading mod_blocking at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.328 [debug] Loading mod_bosh at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.328 [debug] Loading mod_push at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.328 [debug] Loading mod_push_keepalive at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.328 [debug] Loading mod_last at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.328 [debug] Loading mod_configure at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.328 [debug] Loading mod_mqtt at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.328 [info] Building MQTT cache for ejabberd.mydomain.com, this may take a while
ejabberd  | 
ejabberd  | 08:43:34.329 [debug] Loading mod_proxy65 at ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.329 [debug] Route registered: proxy.ejabberd.mydomain.com
ejabberd  | 
ejabberd  | 08:43:34.329 [warning] The option captcha_cmd is not configured, but some module wants to use the CAPTCHA feature.
ejabberd  | 
ejabberd  | 08:43:34.351 [info] Waiting for Mnesia synchronization to complete
ejabberd  | 
ejabberd  | 08:43:34.352 [debug] Running hook :ejabberd_started: :ejabberd_pkix::ejabberd_started/0
ejabberd  | 
ejabberd  | 08:43:34.363 [debug] Using CA root certificates from: /opt/ejabberd/conf/cacert.pem
ejabberd  | 
ejabberd  | 08:43:34.387 [warning] Invalid certificate in /opt/ejabberd/conf/server.pem: at line 53: self-signed certificate
ejabberd  | 
ejabberd  | 08:43:34.392 [debug] Running hook :ejabberd_started: :mod_push_keepalive::ejabberd_started/0
ejabberd  | 
ejabberd  | 08:43:34.393 [debug] Running hook :ejabberd_started: :ejabberd_acme::ejabberd_started/0
ejabberd  | 
ejabberd  | 08:43:34.393 [debug] Closing NOTIFY_SOCKET
ejabberd  | 
ejabberd  | 08:43:34.393 [debug] No NOTIFY_SOCKET, dropping READY=1 notification
ejabberd  | 
ejabberd  | 08:43:34.394 [debug] Checking consistency of applications: asn1, base64url, cache_tab, compiler, crypto, eimp, ejabberd, elixir, epam, eredis, esip, ezlib, fast_tls, fast_xml, fast_yaml, idna, inets, jiffy, jose, kernel, logger, luerl, mix, mnesia, mqtree, observer, odbc, os_mon, p1_acme, p1_mysql, p1_oauth2, p1_pgsql, p1_utils, pkix, public_key, sasl, sqlite3, ssl, stdlib, stringprep, stun, syntax_tools, unicode_util_compat, xmerl, xmpp, yconf
ejabberd  | 
ejabberd  | 08:43:34.394 [info] ejabberd 24.7.0 is started in the node :ejabberd@localhost in 2.69s
ejabberd  | 
ejabberd  | 08:43:34.396 [info] Start accepting TCP connections at [::]:5222 for :ejabberd_c2s
ejabberd  | 
ejabberd  | 08:43:34.396 [info] Start accepting TCP connections at [::]:5280 for :ejabberd_http
ejabberd  | 
ejabberd  | 08:43:34.396 [info] Start accepting TCP connections at 172.18.0.2:7777 for :mod_proxy65_stream
ejabberd  | 
ejabberd  | 08:43:34.397 [info] Start accepting TCP connections at [::]:1883 for :mod_mqtt
ejabberd  | 
ejabberd  | 08:43:34.397 [info] Start accepting TCP connections at [::]:5269 for :ejabberd_s2s_in
ejabberd  | 
ejabberd  | 08:43:35.224 [debug] All applications are intact
ejabberd  | 
ejabberd  | 08:43:38.716 [debug] Closing NOTIFY_SOCKET
ejabberd  | 
ejabberd  | 08:43:38.716 [debug] No NOTIFY_SOCKET, dropping RELOADING=1 notification
ejabberd  | 
ejabberd  | 08:43:38.716 [info] Reloading configuration from /opt/ejabberd/conf/ejabberd.yml
ejabberd  | 
ejabberd  | 08:43:38.746 [debug] Running hook :config_reloaded: :acl::reload_from_config/0
ejabberd  | 
ejabberd  | 08:43:38.746 [debug] Loading access rules from config
ejabberd  | 
ejabberd  | 08:43:38.746 [debug] Access rules loaded successfully
ejabberd  | 
ejabberd  | 08:43:38.746 [debug] Running hook :config_reloaded: :ejabberd_shaper::reload_from_config/0
ejabberd  | 
ejabberd  | 08:43:38.747 [debug] Loading shaper rules from config
ejabberd  | 
ejabberd  | 08:43:38.747 [debug] Shaper rules loaded successfully
ejabberd  | 
ejabberd  | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_sql_sup::config_reloaded/0
ejabberd  | 
ejabberd  | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_acme::register_certfiles/0
ejabberd  | 
ejabberd  | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_auth::config_reloaded/0
ejabberd  | 
ejabberd  | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_cluster::set_ticktime/0
ejabberd  | 
ejabberd  | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_listener::config_reloaded/0
ejabberd  | 
ejabberd  | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_oauth::config_reloaded/0
ejabberd  | 
ejabberd  | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_router::config_reloaded/0
ejabberd  | 
ejabberd  | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_sm::config_reloaded/0
ejabberd  | 
ejabberd  | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_system_monitor::config_reloaded/0
ejabberd  | 
ejabberd  | 08:43:38.747 [debug] Running hook :config_reloaded: :gen_mod::config_reloaded/0
ejabberd  | 
ejabberd  | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_access_permissions::invalidate/0
ejabberd  | 
ejabberd  | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_pkix::config_reloaded/0
ejabberd  | 
ejabberd  | 08:43:38.747 [debug] Using CA root certificates from: /opt/ejabberd/conf/cacert.pem
ejabberd  | 
ejabberd  | 08:43:38.767 [warning] Invalid certificate in /opt/ejabberd/conf/server.pem: at line 53: self-signed certificate
ejabberd  | 
ejabberd  | 08:43:38.767 [debug] Running hook :config_reloaded: :ejabberd_acme::ejabberd_started/0
ejabberd  | 
ejabberd  | 08:43:38.767 [info] Configuration reloaded successfully
ejabberd  | 
ejabberd  | 08:43:38.768 [debug] Closing NOTIFY_SOCKET
ejabberd  | 
ejabberd  | 08:43:38.768 [debug] No NOTIFY_SOCKET, dropping READY=1 notification
ejabberd  | 
ejabberd  | 08:43:49.651 [info] (#PID<0.952.0>) Accepted connection [::ffff:172.18.0.1]:12987 -> [::ffff:172.18.0.2]:5280
ejabberd  | 
ejabberd  | 08:43:49.670 [debug] S: [
ejabberd  |   {["admin"], :ejabberd_web_admin},
ejabberd  |   {["api"], :mod_http_api},
ejabberd  |   {["bosh"], :mod_bosh},
ejabberd  |   {["captcha"], :ejabberd_captcha},
ejabberd  |   {["upload"], :mod_http_upload},
ejabberd  |   {["ws"], :ejabberd_http_ws},
ejabberd  |   {["oauth"], :ejabberd_oauth},
ejabberd  |   {["register"], :mod_register_web},
ejabberd  |   {["conversejs"], :mod_conversejs},
ejabberd  |   {["xmlrpc"], :ejabberd_xmlrpc}
ejabberd  | ]
ejabberd  | 
ejabberd  | 
ejabberd  | 08:43:49.673 [debug] (#Port<0.33>) http query: :GET "/api/user_exists"
ejabberd  | 
ejabberd  | 
ejabberd  | 08:43:49.674 [debug] ["api", "user_exists"] matches ["api"]
ejabberd  | 
ejabberd  | 08:43:49.674 [info] API call user_exists [] ({0, 0, 0, 0, 0, 65535, 44050, 1})
ejabberd  | 
ejabberd  | 08:43:49.679 [debug] Making request 'check_password' for user anonymous@ejabberd.mydomain.com...
ejabberd  | 
ejabberd  | 08:43:49.690 [debug] Bad Request: {:badmatch,
ejabberd  |  {:error,
ejabberd  |   {:options, :incompatible, [verify: :verify_peer, cacerts: :undefined]}}} [
ejabberd  |   {:ejabberd_auth_http, :http_request, 6,
ejabberd  |    [
ejabberd  |      file: ~c"/opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/src/ejabberd_auth_http.erl",
ejabberd  |      line: 230
ejabberd  |    ]},
ejabberd  |   {:ejabberd_auth_http, :check_password, 4,
ejabberd  |    [
ejabberd  |      file: ~c"/opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/src/ejabberd_auth_http.erl",
ejabberd  |      line: 64
ejabberd  |    ]},
ejabberd  |   {:ejabberd_auth, :db_check_password, 7,
ejabberd  |    [file: ~c"src/ejabberd_auth.erl", line: 724]},
ejabberd  |   {:ejabberd_auth, :"-check_password_with_authmodule/6-fun-0-", 8,
ejabberd  |    [file: ~c"src/ejabberd_auth.erl", line: 252]},
ejabberd  |   {:lists, :foldl, 3, [file: ~c"lists.erl", line: 1594]},
ejabberd  |   {:ejabberd_auth, :check_password_with_authmodule, 6,
ejabberd  |    [file: ~c"src/ejabberd_auth.erl", line: 250]},
ejabberd  |   {:ejabberd_auth, :check_password, 6,
ejabberd  |    [file: ~c"src/ejabberd_auth.erl", line: 225]},
ejabberd  |   {:mod_http_api, :extract_auth, 1, [file: ~c"src/mod_http_api.erl", line: 99]}
ejabberd  | ]

@badlop
Copy link
Member

badlop commented Oct 14, 2024

Hi, I tried to replicate your problem, but I faced a pair of inconsistencies before reaching that state.

You are calling user_exists, which is not defined in https://docs.ejabberd.im/developer/ejabberd-api/admin-api/

If I try that query, I get as response "unknown_command"

Surprisingly, in you case that query gets converted to the proper command, called check_password

I don't know what implements that command-name conversion, did you install any other module, or using an older container image?

The ejabberd container image does not include mix or git, that means dependencies cannot get downloaded. This is what I get when I try your docker-compose using podman:

[main] | 10:02:42.489 [info] Start accepting TCP connections at [::]:5280 for :ejabberd_http
[main] | :> ejabberdctl module_install ejabberd_auth_http
[main] | I'll download "fusco" using git because I can't use Mix to fetch from hex.pm:
[main] | /bin/sh: mix: not found
[main] | Fetching dependency cuesport: /bin/sh: git: not found
[main] | Fetching dependency fusco: /bin/sh: git: not found
[main] | Module ejabberd_auth_http has been installed.
[main] | Now you can configure it in your ejabberd.yml
[main] | I'll download "fusco" using git because I can't use Mix to fetch from hex.pm:
[main] | /bin/sh: mix: not found

In your ejabberd log file, it shows git is installed and used. Did you install it manually, or are using another container image?

The precise problem appears when ejabberd_auth_http executes
fusco:request(Connection, Url, MethodStr, Headers, Query, 2, 5000),

this should return {ok, ...}
but it instead returns

{:error,
    {:options, :incompatible, [verify: :verify_peer, cacerts: :undefined]}
}

I don't know if that means that some option provided to fusco is problematic, or maybe there was some problem and fusco is simply returning the options it used...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@badlop @pl-bamboo