processone / ejabberd-contrib

Growing and curated ejabberd contributions repository - PR or ask to join !
http://ejabberd.im

cannot_register: Can't register user user1@localhost at node ejabberd@localhost: Not allowed #315

Closed pinanklakhani closed 1 year ago

pinanklakhani commented 1 year ago

Updated auth method to http and configured the external webhooks. But since after that i am unable to register via command line or api. Using this plugin for webhook callbacks: https://github.com/processone/ejabberd-contrib/tree/master/ejabberd_auth_http

My ejabberd.yml file is as below:

```yaml
###
###              ejabberd configuration file
###
### The parameters used in this configuration file are explained at
###
###       https://docs.ejabberd.im/admin/configuration
###
### The configuration file is written in YAML.
### *******************************************************
### *******           !!! WARNING !!!               *******
### *******     YAML IS INDENTATION SENSITIVE       *******
### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
### *******************************************************
### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
###

hosts:
  - localhost

loglevel: info

## If you already have certificates, list them here
# certfiles:
#   - /etc/letsencrypt/live/domain.tld/fullchain.pem
#   - /etc/letsencrypt/live/domain.tld/privkey.pem

listen:
  -
    port: 5222
    ip: "::"
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    starttls_required: true
  -
    port: 5223
    ip: "::"
    tls: true
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    starttls_required: true
  -
    port: 5269
    ip: "::"
    module: ejabberd_s2s_in
    max_stanza_size: 524288
  -
    port: 5443
    ip: "::"
    module: ejabberd_http
    tls: false
    request_handlers:
      /admin: ejabberd_web_admin
      /api: mod_http_api
      /bosh: mod_bosh
      /captcha: ejabberd_captcha
      /upload: mod_http_upload
      /ws: ejabberd_http_ws
  -
    port: 5280
    ip: "::"
    module: ejabberd_http
    request_handlers:
      /admin: ejabberd_web_admin
      /.well-known/acme-challenge: ejabberd_acme
  -
    port: 3478
    ip: "::"
    transport: udp
    module: ejabberd_stun
    use_turn: true
    ## The server's public IPv4 address:
    # turn_ipv4_address: "203.0.113.3"
    ## The server's public IPv6 address:
    # turn_ipv6_address: "2001:db8::3"
  -
    port: 1883
    ip: "::"
    module: mod_mqtt
    backlog: 1000

s2s_use_starttls: optional

acl:
  local:
    user_regexp: ""
  loopback:
    ip:
      - 127.0.0.0/8
      - ::1/128

access_rules:
  local:
    allow: local
  c2s:
    deny: blocked
    allow: all
  announce:
    allow: admin
  configure:
    allow: admin
  muc_create:
    allow: local
  pubsub_createnode:
    allow: local
  trusted_network:
    allow: loopback

api_permissions:
  "console commands":
    from:
      - ejabberd_ctl
      - mod_http_api
    who: all
    what: "*"
  "admin access":
    who:
      access:
        allow:
          - ip: "127.0.0.1/8"
          - acl: loopback
          - acl: admin
      oauth:
        scope: "ejabberd:admin"
        access:
          allow:
            - ip: "127.0.0.1/8"
            - acl: loopback
            - acl: admin
    what:
      - "*"
      - "!stop"
      - "!start"
  "public commands":
    who:
      ip: 127.0.0.1/8
    what:
      - "*"
  "API used from localhost allows all calls":
    who:
      ip: 127.0.0.1/8
    what:
      - "*"
      - "!stop"
      - "!start"

shaper:
  normal:
    rate: 3000
    burst_size: 20000
  fast: 100000

shaper_rules:
  max_user_sessions: 10
  max_user_offline_messages:
    5000: admin
    100: all
  c2s_shaper:
    none: admin
    normal: all
  s2s_shaper: fast

modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce:
    access: announce
  mod_avatar: {}
  mod_blocking: {}
  mod_bosh: {}
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {}
  mod_disco: {}
  mod_fail2ban: {}
  mod_http_api: {}
  mod_http_upload:
    put_url: https://@HOST@:5443/upload
    custom_headers:
      "Access-Control-Allow-Origin": "https://@HOST@"
      "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
      "Access-Control-Allow-Headers": "Content-Type"
  mod_last: {}
  mod_mam:
    ## Mnesia is limited to 2GB, better to use an SQL backend
    ## For small servers SQLite is a good fit and is very easy
    ## to configure. Uncomment this when you have SQL configured:
    ## db_type: sql
    assume_mam_usage: true
    default: always
  mod_mqtt: {}
  mod_muc:
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
    access_mam:
      - allow
    default_room_options:
      mam: true
  mod_muc_admin: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_privacy: {}
  mod_private: {}
  mod_proxy65:
    access: local
    max_connections: 5
  mod_pubsub:
    access_createnode: pubsub_createnode
    plugins:
      - flat
      - pep
    force_node_config:
      ## Avoid buggy clients to make their bookmarks public
      storage:bookmarks:
        access_model: whitelist
  mod_push: {}
  mod_push_keepalive: {}
  mod_register:
    ## Only accept registration requests from the "trusted"
    ## network (see access_rules section above).
    ## Think twice before enabling registration from any
    ## address. See the Jabber SPAM Manifesto for details:
    ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
    ip_access: trusted_network
  mod_roster:
    versioning: true
  mod_s2s_dialback: {}
  mod_shared_roster: {}
  mod_stream_mgmt:
    resend_on_timeout: if_offline
  mod_stun_disco: {}
  mod_vcard: {}
  mod_vcard_xupdate: {}
  mod_version:
    show_os: false

allow_contrib_modules: true

sql_type: mysql
sql_server: localhost
sql_port: 3306
sql_database: ejabberd
sql_username: ejabberd
sql_password: password
sql_pool_size: 5
auth_use_cache: false
auth_password_format: scram
auth_method: http
auth_opts:
  host: "http://localhost:8080"
  path_prefix: "/api/v1/auth/"
  connection_pool_size: 10
  connection_opts: []
  basic_auth: ""
```

Please help me with the solution.

licaon-kter commented 1 year ago

mod_register says "trusted network" so only "loopback"

Where are you registering from?

pinanklakhani commented 1 year ago

Trying to register by 2 ways

1.) Command line

```shell
ejabberdctl register user1 localhost password
```

2.) API

```shell
curl --location 'http://localhost:5443/api/register' \
--header 'Content-Type: application/json' \
--data '{
    "user": "user1",
    "password": "password",
    "host": "localhost"
}'
```

None of the ways are working

pinanklakhani commented 1 year ago

@licaon-kter Trying to access from local only

licaon-kter commented 1 year ago

Remove auth method and auth opts, reload, then test via ejabberdctl, does that work?

What do the logs say?

badlop commented 1 year ago

Please notice that the register query should return 201 in case of success, not 200. See https://github.com/processone/ejabberd-contrib/tree/master/ejabberd_auth_http#register

This is the query sent by ejabberd and the response that your HTTP service on port 8080 should provide:

```http
POST /auth/register HTTP/1.1
Host: localhost:8080
Content-Length: 36
Authorization: Basic 
Content-Type: application/x-www-form-urlencoded

user=user6&server=localhost&pass=asd

HTTP/1.1 201 Created
Content-Length: 1
Access-Control-Allow-Headers: Content-Type, Authorization, X-Admin
Access-Control-Allow-Origin: *
Content-Type: application/json

0
```

Notice the 201 response that your HTTP service should provide to ejabberd.
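A minimal backend that satisfies the contract described above, written as an added example for this thread (it is not the ejabberd_auth_http module's code and was not posted by anyone in the issue). It assumes the `path_prefix` value from the posted ejabberd.yml; the 201 for a successful `register` and the 200 with `true`/`false` for `user_exists` are what the thread shows, while the 401 for a failed `check_password` and the 409 for a duplicate `register` are taken from the module's README rather than from this thread. The in-memory store, the PBKDF2 hashing and the `handle_request` helper are constructed for the example.

```python
import hashlib
import hmac
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

# Must match auth_opts.path_prefix in the ejabberd.yml posted in this thread
# (assumption: ejabberd_auth_http appends the endpoint name to this prefix).
PATH_PREFIX = "/api/v1/auth/"
PBKDF2_ROUNDS = 100_000

# Constructed in-memory store for the example: (user, server) -> (salt, pbkdf2 hash).
# With auth_method: http the users live here, not in ejabberd's own users table.
USERS = {}


def _derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 so the backend never stores clear-text passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def handle_request(method: str, path: str, form: dict) -> tuple:
    """Answer one webhook call; returns (status, body) so it can be tested directly.

    `form` is the parse_qs() result of the urlencoded body: {"user": [...], ...}.
    201 for register and 200 + "true"/"false" for user_exists are shown in the
    thread; 401 (bad password) and 409 (duplicate register) are assumptions
    taken from the module's README.
    """
    if method != "POST" or not path.startswith(PATH_PREFIX):
        return 404, "false"
    endpoint = path[len(PATH_PREFIX):]
    user, server, password = (form.get(k, [""])[0] for k in ("user", "server", "pass"))
    if not user or not server:
        return 400, "false"              # assumption: reject malformed requests outright
    key = (user.lower(), server.lower())  # the JID localpart is case-folded in XMPP

    if endpoint == "user_exists":
        return 200, ("true" if key in USERS else "false")

    if endpoint == "check_password":
        record = USERS.get(key)
        if record is not None and hmac.compare_digest(_derive(password, record[0]), record[1]):
            return 200, "true"
        return 401, "false"              # same answer for unknown user and wrong password

    if endpoint == "register":
        if key in USERS:
            return 409, "false"
        if not password:
            return 400, "false"
        salt = secrets.token_bytes(16)
        USERS[key] = (salt, _derive(password, salt))
        return 201, "true"               # the 201 ejabberd_auth_http expects on success

    return 404, "false"                  # endpoint not implemented by this example


class AuthHandler(BaseHTTPRequestHandler):
    """Thin HTTP wrapper around handle_request() for the URL in auth_opts.host."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        form = parse_qs(self.rfile.read(length).decode("utf-8"))
        status, body = handle_request("POST", self.path, form)
        payload = body.encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, fmt, *args):
        # Keep request lines out of stdout; log outcomes, never form contents.
        return


if __name__ == "__main__":
    # Bind to loopback only: the backend speaks plain HTTP and must not be reachable
    # from outside the host ejabberd runs on (the posted config uses http://localhost:8080).
    HTTPServer(("127.0.0.1", 8080), AuthHandler).serve_forever()
```

Run it next to ejabberd and the `register` command from the thread will hit `/api/v1/auth/user_exists` followed by `/api/v1/auth/register`, with the second call answered by `201 Created`; repeating the same registration gets a 409 instead of silently succeeding.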

pinanklakhani commented 1 year ago

@badlop It worked, but it didn't create an entry in the users table of the ejabberd database like it does with auth_method: sql.

So with auth_method: sql, it creates entries in the following tables:

```
2023-02-21 10:30:23.989562+05:30 [debug] <0.490.0>@ejabberd_sql:sql_query_internal/1:713 SQL: "select password, serverkey, salt, iterationcount from users where username='user4' and 0=0"
2023-02-21 10:30:24.014507+05:30 [debug] <0.491.0>@ejabberd_sql:sql_query_internal/1:713 SQL: "INSERT INTO users(username, password, serverkey, salt, iterationcount) VALUES ('user4', 'GY3eRi8XlqIlwbkmLbhvq/dfWwg=', 'yaGm/HxK/LU5hHuNI4RhVDmlopQ=', 'ZYqvUUoF9oJze+eFCJoYrQ==', 4096);"
2023-02-21 10:30:24.016637+05:30 [debug] <0.598.0>@ejabberd_hooks:safe_apply/4:315 Running hook register_user: mod_last:register_user/2
2023-02-21 10:30:24.016870+05:30 [debug] <0.492.0>@ejabberd_sql:sql_query_internal/1:713 SQL: "INSERT INTO last(username, seconds, state) VALUES ('user4', '1676955624', 'Registered but didn''t login') ON DUPLICATE KEY UPDATE seconds=VALUES(seconds), state=VALUES(state)"
2023-02-21 10:30:24.017902+05:30 [debug] <0.598.0>@ejabberd_hooks:safe_apply/4:315 Running hook register_user: mod_shared_roster:register_user/2
2023-02-21 10:30:24.018167+05:30 [debug] <0.488.0>@ejabberd_sql:sql_query_internal/1:713 SQL: "select grp from sr_user where jid='user4@localhost' and 0=0"
```

And with auth_method: http, the execution flow is as below:

```
2023-02-21 10:31:05.089474+05:30 [debug] <0.598.0>@ejabberd_auth_http:make_req/5:215 Making request 'user_exists' for user user5@localhost...
2023-02-21 10:31:05.091527+05:30 [debug] <0.598.0>@ejabberd_auth_http:make_req/5:223 Request result: 200: <<"false">>
2023-02-21 10:31:05.091708+05:30 [debug] <0.598.0>@ejabberd_auth_http:make_req/5:215 Making request 'register' for user user5@localhost...
2023-02-21 10:31:05.093234+05:30 [debug] <0.598.0>@ejabberd_auth_http:make_req/5:223 Request result: 201: <<"true">>
2023-02-21 10:31:05.093372+05:30 [debug] <0.598.0>@ejabberd_hooks:safe_apply/4:315 Running hook register_user: mod_last:register_user/2
2023-02-21 10:31:05.093636+05:30 [debug] <0.490.0>@ejabberd_sql:sql_query_internal/1:713 SQL: "INSERT INTO last(username, seconds, state) VALUES ('user5', '1676955665', 'Registered but didn''t login') ON DUPLICATE KEY UPDATE seconds=VALUES(seconds), state=VALUES(state)"
2023-02-21 10:31:05.097776+05:30 [debug] <0.598.0>@ejabberd_hooks:safe_apply/4:315 Running hook register_user: mod_shared_roster:register_user/2
2023-02-21 10:31:05.098036+05:30 [debug] <0.491.0>@ejabberd_sql:sql_query_internal/1:713 SQL: "select grp from sr_user where jid='user5@localhost' and 0=0"
```

So it's calling the webhook methods and not creating an entry in the users table. Do we have to write that code in the webhook's register method, or is something missing in the config?

licaon-kter commented 1 year ago

Not sure it should create in sql since you tell it to use that http to auth, meaning users are kept elsewhere.

Does messaging work?

pinanklakhani commented 1 year ago

@licaon-kter @badlop Also, I wanted to authenticate my external JWT token at the time of connection and registration. So I tried to put the JWT token in the password field, but it's throwing an error:

```json
{
    "status": "error",
    "code": 10001,
    "message": "Can't register user user7@localhost at node ejabberd@localhost: The password contains unacceptable characters"
}
```

Any alternative way?

Also, what should I do with the password? Chat is a feature in my platform, and we already have a login page.

licaon-kter commented 1 year ago

First test that everything works BEFORE jwt and http auth.

Then try http...

Then JWT...

Mixing 3 ways to auth will not help.

pinanklakhani commented 1 year ago

> First test that everything works BEFORE jwt and http auth.
>
> Then try http...
>
> Then JWT...
>
> Mixing 3 ways to auth will not help.

Yes, the rest is working fine. There was an issue on my end; it is resolved. Now, how do I deal with JWT for auth and register?

pinanklakhani commented 1 year ago

> Not sure it should create in sql since you tell it to use that http to auth, meaning users are kept elsewhere.
>
> Does messaging work?

Yes, working.

pinanklakhani commented 1 year ago

@badlop @licaon-kter I am using ejabberd to develop a feature in my platform, so there are already login and register pages and also JWT. So now, how can I pass the token while connecting to the XMPP server for the first time, or at the time of registration using a curl request?

```shell
curl --location 'http://localhost:5443/api/register' \
--header 'Content-Type: application/json' \
--data '{
    "user": "user1",
    "password": "password",
    "host": "localhost"
}'
```

I don't need the password field. I have a JWT instead.

I tried passing the JWT token in the password field, but it's giving the following error:

```json
{
    "status": "error",
    "code": 10001,
    "message": "Can't register user user7@localhost at node ejabberd@localhost: The password contains unacceptable characters"
}
```

badlop commented 1 year ago

Sorry, I missed this question. Did you already solve the problem and this issue can be closed? Or is the problem still present?

pinanklakhani commented 1 year ago

> Sorry, I missed this question. Did you already solve the problem and this issue can be closed? Or is the problem still present?

Np @badlop, we can close the issue. It is solved.