yetangitu/ejabberd
1
0
Fork 0
mirror of https://github.com/processone/ejabberd synced 2025-10-03 09:49:18 +02:00
Code Issues Releases Wiki Activity

Strip query data when returning errors in mod_register

Browse source
This commit is contained in:
Paweł Chmielowski 2025-04-29 10:33:17 +02:00
parent e7997244af
commit 838bbd70ef
1 changed files with 24 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

43
src/mod_register.erl
View file

@ -87,7 +87,7 @@ c2s_unauthenticated_packet(#{ip := IP, server := Server} = State,
catch _:{xmpp_codec, Why} -> catch _:{xmpp_codec, Why} ->
Txt = xmpp:io_format_error(Why), Txt = xmpp:io_format_error(Why),
Lang = maps:get(lang, State), Lang = maps:get(lang, State),
Err = xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang)), Err = make_stripped_error(IQ, xmpp:err_bad_request(Txt, Lang)),
{stop, ejabberd_c2s:send(State, Err)} {stop, ejabberd_c2s:send(State, Err)}
end; end;
c2s_unauthenticated_packet(State, _) -> c2s_unauthenticated_packet(State, _) ->
@ -116,7 +116,7 @@ process_iq(#iq{type = set, lang = Lang,
sub_els = [#register{remove = true}]} = IQ, sub_els = [#register{remove = true}]} = IQ,
_Source, _IsCaptchaEnabled, _AllowRemove = false) -> _Source, _IsCaptchaEnabled, _AllowRemove = false) ->
Txt = ?T("Access denied by service policy"), Txt = ?T("Access denied by service policy"),
xmpp:make_error(IQ, xmpp:err_forbidden(Txt, Lang)); make_stripped_error(IQ, xmpp:err_forbidden(Txt, Lang));
process_iq(#iq{type = set, lang = Lang, to = To, from = From, process_iq(#iq{type = set, lang = Lang, to = To, from = From,
sub_els = [#register{remove = true, sub_els = [#register{remove = true,
username = User, username = User,
@ -141,12 +141,12 @@ process_iq(#iq{type = set, lang = Lang, to = To, from = From,
ignore; ignore;
false -> false ->
Txt = ?T("Incorrect password"), Txt = ?T("Incorrect password"),
xmpp:make_error( make_stripped_error(
IQ, xmpp:err_forbidden(Txt, Lang)) IQ, xmpp:err_forbidden(Txt, Lang))
end; end;
true -> true ->
Txt = ?T("No 'password' found in this query"), Txt = ?T("No 'password' found in this query"),
xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang)) make_stripped_error(IQ, xmpp:err_bad_request(Txt, Lang))
end end
end; end;
true -> true ->
@ -158,7 +158,7 @@ process_iq(#iq{type = set, lang = Lang, to = To, from = From,
ignore; ignore;
_ -> _ ->
Txt = ?T("The query is only allowed from local users"), Txt = ?T("The query is only allowed from local users"),
xmpp:make_error(IQ, xmpp:err_not_allowed(Txt, Lang)) make_stripped_error(IQ, xmpp:err_not_allowed(Txt, Lang))
end end
end; end;
process_iq(#iq{type = set, to = To, process_iq(#iq{type = set, to = To,
@ -186,17 +186,17 @@ process_iq(#iq{type = set, to = To,
User, Server, Password, IQ, Source, true); User, Server, Password, IQ, Source, true);
_ -> _ ->
Txt = ?T("Incorrect data form"), Txt = ?T("Incorrect data form"),
xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang)) make_stripped_error(IQ, xmpp:err_bad_request(Txt, Lang))
end; end;
{error, malformed} -> {error, malformed} ->
Txt = ?T("Incorrect CAPTCHA submit"), Txt = ?T("Incorrect CAPTCHA submit"),
xmpp:make_error(IQ, xmpp:err_bad_request(Txt, Lang)); make_stripped_error(IQ, xmpp:err_bad_request(Txt, Lang));
_ -> _ ->
ErrText = ?T("The CAPTCHA verification has failed"), ErrText = ?T("The CAPTCHA verification has failed"),
xmpp:make_error(IQ, xmpp:err_not_allowed(ErrText, Lang)) make_stripped_error(IQ, xmpp:err_not_allowed(ErrText, Lang))
end; end;
process_iq(#iq{type = set} = IQ, _Source, _IsCaptchaEnabled, _AllowRemove) -> process_iq(#iq{type = set} = IQ, _Source, _IsCaptchaEnabled, _AllowRemove) ->
xmpp:make_error(IQ, xmpp:err_bad_request()); make_stripped_error(IQ, xmpp:err_bad_request());
process_iq(#iq{type = get, from = From, to = To, id = ID, lang = Lang} = IQ, process_iq(#iq{type = get, from = From, to = To, id = ID, lang = Lang} = IQ,
Source, IsCaptchaEnabled, _AllowRemove) -> Source, IsCaptchaEnabled, _AllowRemove) ->
Server = To#jid.lserver, Server = To#jid.lserver,
@ -248,11 +248,11 @@ process_iq(#iq{type = get, from = From, to = To, id = ID, lang = Lang} = IQ,
sub_els = [Xdata | CaptchaEls2]}); sub_els = [Xdata | CaptchaEls2]});
{error, limit} -> {error, limit} ->
ErrText = ?T("Too many CAPTCHA requests"), ErrText = ?T("Too many CAPTCHA requests"),
xmpp:make_error( make_stripped_error(
IQ, xmpp:err_resource_constraint(ErrText, Lang)); IQ, xmpp:err_resource_constraint(ErrText, Lang));
_Err -> _Err ->
ErrText = ?T("Unable to generate a CAPTCHA"), ErrText = ?T("Unable to generate a CAPTCHA"),
xmpp:make_error( make_stripped_error(
IQ, xmpp:err_internal_server_error(ErrText, Lang)) IQ, xmpp:err_internal_server_error(ErrText, Lang))
end; end;
true -> true ->
@ -277,14 +277,14 @@ try_register_or_set_password(User, Server, Password,
ok -> ok ->
xmpp:make_iq_result(IQ); xmpp:make_iq_result(IQ);
{error, Error} -> {error, Error} ->
xmpp:make_error(IQ, Error) make_stripped_error(IQ, Error)
end; end;
deny -> deny ->
Txt = ?T("Access denied by service policy"), Txt = ?T("Access denied by service policy"),
xmpp:make_error(IQ, xmpp:err_forbidden(Txt, Lang)) make_stripped_error(IQ, xmpp:err_forbidden(Txt, Lang))
end; end;
_ -> _ ->
xmpp:make_error(IQ, xmpp:err_not_allowed()) make_stripped_error(IQ, xmpp:err_not_allowed())
end. end.
try_set_password(User, Server, Password) -> try_set_password(User, Server, Password) ->
@ -307,15 +307,15 @@ try_set_password(User, Server, Password, #iq{lang = Lang, meta = M} = IQ) ->
xmpp:make_iq_result(IQ); xmpp:make_iq_result(IQ);
{error, not_allowed} -> {error, not_allowed} ->
Txt = ?T("Changing password is not allowed"), Txt = ?T("Changing password is not allowed"),
xmpp:make_error(IQ, xmpp:err_not_allowed(Txt, Lang)); make_stripped_error(IQ, xmpp:err_not_allowed(Txt, Lang));
{error, invalid_jid = Why} -> {error, invalid_jid = Why} ->
xmpp:make_error(IQ, xmpp:err_jid_malformed(format_error(Why), Lang)); make_stripped_error(IQ, xmpp:err_jid_malformed(format_error(Why), Lang));
{error, invalid_password = Why} -> {error, invalid_password = Why} ->
xmpp:make_error(IQ, xmpp:err_not_allowed(format_error(Why), Lang)); make_stripped_error(IQ, xmpp:err_not_allowed(format_error(Why), Lang));
{error, weak_password = Why} -> {error, weak_password = Why} ->
xmpp:make_error(IQ, xmpp:err_not_acceptable(format_error(Why), Lang)); make_stripped_error(IQ, xmpp:err_not_acceptable(format_error(Why), Lang));
{error, db_failure = Why} -> {error, db_failure = Why} ->
xmpp:make_error(IQ, xmpp:err_internal_server_error(format_error(Why), Lang)) make_stripped_error(IQ, xmpp:err_internal_server_error(format_error(Why), Lang))
end. end.
try_register(User, Server, Password, SourceRaw, Module) -> try_register(User, Server, Password, SourceRaw, Module) ->
@ -562,6 +562,11 @@ is_strong_password2(Server, Password) ->
ejabberd_auth:entropy(Password) >= Entropy ejabberd_auth:entropy(Password) >= Entropy
end. end.
make_stripped_error(#iq{} = IQ, Err) ->
xmpp:make_error(xmpp:remove_subtag(IQ, #register{}), Err);
make_stripped_error(Pkt, Err) ->
xmpp:make_error(Pkt, Err).
%%% %%%
%%% ip_access management %%% ip_access management
%%% %%%