nioc / xmpp-web

Lightweight web chat client for XMPP server
GNU Affero General Public License v3.0

http_upload button visible but not functional for anonymous users #66

Closed poVoq closed 1 year ago

poVoq commented 2 years ago

Describe the bug: When using the anonymous login feature one can click on the share file button and select a file, but the actual upload fails.

Expected behavior: The button should be just hidden when no suitable http_upload component can be found.

In my specific case the http_upload component for regular users is under uploads.example.com while anonymous users use the anon.example.com virtual host. Since these two name-spaces are not directly in a hierarchical order, the upload component is probably inaccessible for the anonymous users.

I did not check if adding the http_upload component to the mod_disco discovery list makes it available, but it would be probably best that the upload button is hidden unless there is a specific http_upload component under uploads.anon.example.com that can be configured specifically for that use-case.
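The behaviour requested above (hide the button unless an upload service is discoverable from the host the user logged in on), sketched as an added example that is not part of the original issue or of xmpp-web's code. The data shapes, function names and sample JIDs are assumptions; only the feature namespace comes from XEP-0363.

```javascript
// Feature namespace an XEP-0363 (HTTP File Upload) service advertises in disco#info.
const NS_HTTP_UPLOAD = 'urn:xmpp:http:upload:0'

// Constructed sample data (hypothetical shape, not xmpp-web's internal model):
// disco#items per host, and disco#info features per JID, already parsed.
const sampleItems = {
  'example.com': ['conference.example.com', 'uploads.example.com'],
  'anon.example.com': [], // anonymous host lists no upload component
  'localhost': ['conference.localhost'],
}
const sampleFeatures = {
  'example.com': ['http://jabber.org/protocol/disco#info'],
  'conference.example.com': ['http://jabber.org/protocol/muc'],
  'uploads.example.com': [NS_HTTP_UPLOAD],
  'anon.example.com': ['http://jabber.org/protocol/disco#info'],
  'localhost': [NS_HTTP_UPLOAD], // module enabled on the host itself
  'conference.localhost': ['http://jabber.org/protocol/muc'],
}

// Return the JID of the first entity reachable from `host` that advertises
// HTTP upload, or null. The host is checked too, because the module can be
// enabled on the virtual host instead of on a dedicated component.
function findUploadService (host, items, features) {
  const candidates = [host, ...(items[host] || [])]
  for (const jid of candidates) {
    const advertised = features[jid] || [] // no disco#info reply: no features
    if (advertised.includes(NS_HTTP_UPLOAD)) return jid
  }
  return null
}

// The share-file button is shown only when a service was actually discovered
// for the host the user logged in on.
function showUploadButton (host, items, features) {
  return findUploadService(host, items, features) !== null
}
```

With the constructed data, a user on example.com gets the button through uploads.example.com, while a user on anon.example.com does not, because nothing that host lists advertises the feature.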

nioc commented 2 years ago

Can you share an example of XMPP config file?

poVoq commented 2 years ago

VirtualHost "anon.example.com"
   authentication = "anonymous"

Not sure why that is relevant, I explained the setup above and it is the standard way of doing exactly that with Prosody.

Should it actually be hidden?

nioc commented 2 years ago

It is relevant to reproduce your issue. I have no problem with guest file upload with the following prosody.cfg:

daemonize = false;

admins = { "nioc@localhost" }

plugin_paths = { "/usr/lib/prosody/custom-modules" }

modules_enabled = {
        -- Generally required
                "roster"; -- Allow users to have a roster. Recommended ;)
                "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
                "tls"; -- Add support for secure TLS on c2s/s2s connections
                "dialback"; -- s2s dialback support
                "disco"; -- Service discovery

        -- Not essential, but recommended
                "carbons"; -- Keep multiple clients in sync
                "pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
                "private"; -- Private XML storage (for room bookmarks, etc.)
                "blocklist"; -- Allow users to block communications with other users
                "vcard4"; -- User profiles (stored in PEP)
                "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard

        -- Nice to have
                "version"; -- Replies to server version requests
                "uptime"; -- Report how long server has been running
                "time"; -- Let others know the time here on this server
                "ping"; -- Replies to XMPP pings with pongs
                "register"; -- Allow users to register on this server using a client and change passwords
                "mam"; -- Store messages in an archive and allow users to access it

        -- Admin interfaces
                "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands

        -- HTTP modules
                "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
                "websocket"; -- XMPP over WebSockets

        -- Other specific functionality
                "proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use

        -- Custom
                "http_upload"; -- File upload in muc
}

modules_disabled = {
        "s2s"; -- Handle server-to-server connections
}

allow_registration = false

c2s_require_encryption = false

s2s_require_encryption = true

s2s_secure_auth = false

allow_unencrypted_plain_auth = true

disable_sasl_mechanisms = {}

authentication = "internal_hashed"

archive_expires_after = "1w" -- Remove archived messages after 1 week

log = {
    {levels = {min = "debug"}, to = "console"};
}

certificates = "certs"

-- custom config for http_upload module
http_upload_file_size_limit = 10485760 -- 10 Mb in bytes
http_upload_expire_after = 60 * 60 * 24 * 1 -- a day in seconds
http_upload_quota = 209715200 -- 200 Mb in bytes

----------- Virtual hosts -----------
consider_bosh_secure = true
consider_websocket_secure = true
cross_domain_websocket = { "http://chat.localhost", "http://localhost", "https://localhost" }
cross_domain_bosh = true

disco_items = {
    { "proxy.localhost", "SOCKS5 file transfert proxy" };
    { "conference.localhost", "Multi users chat" };
    { "upload.localhost", "File upload" };
}

VirtualHost "localhost"
    name = "XMPP server"
    enabled = true

Component "proxy.localhost" "proxy65"
    name = "SOCKS5 file transfert proxy service"
    proxy65_address = "localhost"
    proxy65_acl = { "localhost" }

Component "conference.localhost" "muc"
    modules_enabled = {
        "muc_mam";
        "vcard_muc";
    }
    name = "Conferences server"
    restrict_room_creation = "local"
    max_history_messages = 50

VirtualHost "anon.localhost"
    authentication = "anonymous"

If you want me to spend some of my own free time on your situation, at least give me the information about your usage... I do not want to try to guess what your setup is.

poVoq commented 2 years ago

Ah, but that is a rather strange config with the http_upload not configured as a component. How does that even work?

And it also force adds the upload stuff to all virtual-hosts via the disco_items setting. I am also not sure if that even works with the new http_file_share module that replaced the old http_upload in Prosody 0.12.

My config looks pretty much like the standard one that comes with Prosody by default, and that uses components for the upload, so I still think this is a bug in xmpp-web as under normal circumstances it will not work.

nioc commented 2 years ago

Maybe, I'm not an XMPP expert, I just use it for my own usage and propose the web GUI to others 😉 Using Prosody 0.11.9 and an old version of mod_http_upload module.

As I said, I will not try to reproduce the issue without a config file example.

nioc commented 2 years ago

You can also propose a pull request for handling this.

nioc commented 1 year ago

Closing because this issue was inactive for too long and is not planned.