ejabberd_auth_http: fusco_lib.erl deprecation warnings

pl-bamboo commented 1 week ago

on the ejabberd-24

ejabberd  | /opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/deps/fusco/src/fusco_lib.erl:273:22: Warning: http_uri:decode/1 is deprecated and will be removed in OTP 27; use uri_string:unquote function instead
ejabberd  | %  273|                     {http_uri:decode(User), "", HostPortPath};
ejabberd  | %     |                      ^
ejabberd  | 
ejabberd  | /opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/deps/fusco/src/fusco_lib.erl:275:22: Warning: http_uri:decode/1 is deprecated and will be removed in OTP 27; use uri_string:unquote function instead
ejabberd  | %  275|                     {http_uri:decode(User), http_uri:decode(Passwd),
ejabberd  | %     |                      ^
ejabberd  | 
ejabberd  | /opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/deps/fusco/src/fusco_lib.erl:275:45: Warning: http_uri:decode/1 is deprecated and will be removed in OTP 27; use uri_string:unquote function instead
ejabberd  | %  275|                     {http_uri:decode(User), http_uri:decode(Passwd),
ejabberd  | %     |                                             ^

badlop commented 1 week ago

ejabberd_auth_http depends on the fusco library, which was last updated 3 years ago... So it's to be expected that it isn't up to date with recent changes. There is no fork with that fixed. Fortunately it's a warning, and will work with Erlang/OTP 26 which is still the recommended version for some months.

Other than that, does ejabberd_auth_http work correctly for you?

pl-bamboo commented 1 week ago

Thanks for explanation!

Also, I'm having some problems integrating the ejabberd_auth_http plugin. I have installed ejabberd to on-premise host behind Nginx, which terminates my ssl with *.mydomain.com wildcard certificate. My authentication server is on another host. I have only enabled port 5280 and am referring to a self-signed certificate, which is probably unnecessary (I also put my certificate in the container and got the same result) When I call: curl -u 'anonymous@ejabberd.mydomain.com:anonymous' https://ejabberd.mydomain.com/api/user_exists -L it was return in logs:

ejabberd  | 08:21:34.364 [debug] Bad Request: {:badmatch,
ejabberd  |  {:error,
ejabberd  |   {:options, :incompatible, [verify: :verify_peer, cacerts: :undefined]}}} [
ejabberd  |   {:ejabberd_auth_http, :http_request, 6,
ejabberd  |    [
ejabberd  |      file: ~c"/opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/src/ejabberd_auth_http.erl",
ejabberd  |      line: 230
ejabberd  |    ]},
ejabberd  |   {:ejabberd_auth_http, :check_password, 4,
ejabberd  |    [
ejabberd  |      file: ~c"/opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/src/ejabberd_auth_http.erl",
ejabberd  |      line: 64
ejabberd  |    ]},
ejabberd  |   {:ejabberd_auth, :db_check_password, 7,
ejabberd  |    [file: ~c"src/ejabberd_auth.erl", line: 724]},
ejabberd  |   {:ejabberd_auth, :"-check_password_with_authmodule/6-fun-0-", 8,
ejabberd  |    [file: ~c"src/ejabberd_auth.erl", line: 252]},
ejabberd  |   {:lists, :foldl, 3, [file: ~c"lists.erl", line: 1594]},
ejabberd  |   {:ejabberd_auth, :check_password_with_authmodule, 6,
ejabberd  |    [file: ~c"src/ejabberd_auth.erl", line: 250]},
ejabberd  |   {:ejabberd_auth, :check_password, 6,
ejabberd  |    [file: ~c"src/ejabberd_auth.erl", line: 225]},
ejabberd  |   {:mod_http_api, :extract_auth, 1, [file: ~c"src/mod_http_api.erl", line: 99]}
ejabberd  | ]

When I try to use http endpoint instead of https its return me only 301 responce code without redirection:

ejabberd  | 08:20:48.739 [debug] Request result: 301: "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body>\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
ejabberd  | 
ejabberd  | 08:20:48.769 [debug] Request result: 301: "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body>\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
ejabberd  | 
ejabberd  | 08:20:48.799 [debug] Request result: 301: "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body>\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
ejabberd  | 
ejabberd  | 08:20:48.829 [debug] Request result: 301: "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body>\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
ejabberd  | 
ejabberd  | 08:20:48.858 [debug] Request result: 301: "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body>\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"

Could you please tell me what I'm doing wrong

ejabberd.yml

hosts:
  - localhost
  - "ejabberd.mydomain.com"

certfiles:
  - /home/ejabberd/conf/server.pem

ca_file: "/home/ejabberd/conf/cacert.pem"

...
install_contrib_modules:
  - ejabberd_auth_http

auth_method: http
auth_opts:
  host: "http://ejabberd-auth.mydomain.com"
  path_prefix: "/api/v1/"

listen:  
   -
    port: 5280
    ip: "::"
    module: ejabberd_http
    request_handlers:
      "/admin": ejabberd_web_admin
      "/api": mod_http_api
      "/bosh": mod_bosh
      "/captcha": ejabberd_captcha
      "/upload": mod_http_upload
      "/ws": ejabberd_http_ws
      "/oauth": ejabberd_oauth
      "/register": mod_register_web
      "/conversejs": mod_conversejs
      "/xmlrpc": ejabberd_xmlrpc

...

docker-compose.yml

services:
  main:
    image: ghcr.io/processone/ejabberd:24.07
    container_name: ejabberd
    environment:
      - CTL_ON_START=module_install ejabberd_auth_http
    ports:
      - "5280:5280"
    volumes:
      - ./ejabberd.yml:/opt/ejabberd/conf/ejabberd.yml:ro
      - ./database:/opt/ejabberd/database
      - ./package:/opt/ejabberd/conversejs/package

full logs

``` ejabberd | ejabberd | 08:43:31.757 [info] Loading configuration from /opt/ejabberd/conf/ejabberd.yml ejabberd | I'll download "fusco" using git because I can't use Mix to fetch from hex.pm: ejabberd | Runtime terminating during boot ({'cannot get bootfile','/opt/ejabberd-24.07/bin/start.boot'}) ejabberd | ejabberd | Crash dump is being written to: /opt/ejabberd/logs/erl_crash_20241014-084331.dump...done ejabberd | Fetching dependency cuesport: Cloning into 'cuesport'... ejabberd | Fetching dependency fusco: Cloning into 'fusco'... ejabberd | /opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/deps/fusco/src/fusco_lib.erl:273:22: Warning: http_uri:decode/1 is deprecated and will be removed in OTP 27; use uri_string:unquote function instead ejabberd | % 273| {http_uri:decode(User), "", HostPortPath}; ejabberd | % | ^ ejabberd | ejabberd | /opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/deps/fusco/src/fusco_lib.erl:275:22: Warning: http_uri:decode/1 is deprecated and will be removed in OTP 27; use uri_string:unquote function instead ejabberd | % 275| {http_uri:decode(User), http_uri:decode(Passwd), ejabberd | % | ^ ejabberd | ejabberd | /opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/deps/fusco/src/fusco_lib.erl:275:45: Warning: http_uri:decode/1 is deprecated and will be removed in OTP 27; use uri_string:unquote function instead ejabberd | % 275| {http_uri:decode(User), http_uri:decode(Passwd), ejabberd | % | ^ ejabberd | ejabberd | Module ejabberd_auth_http has been installed. ejabberd | Now you can configure it in your ejabberd.yml ejabberd | I'll download "fusco" using git because I can't use Mix to fetch from hex.pm: ejabberd | Runtime terminating during boot ({'cannot get bootfile','/opt/ejabberd-24.07/bin/start.boot'}) ejabberd | ejabberd | Crash dump is being written to: /opt/ejabberd/logs/erl_crash_20241014-084331.dump...done ejabberd | ejabberd | 08:43:33.825 [info] Configuration loaded successfully ejabberd | ejabberd | 08:43:33.923 [debug] Waiting for Mnesia tables synchronization... ejabberd | ejabberd | 08:43:33.935 [debug] No custom Mnesia schema file found at /opt/ejabberd/database/ejabberd.schema ejabberd | ejabberd | 08:43:33.939 [info] Got no NOTIFY_SOCKET, notifications disabled ejabberd | ejabberd | 08:43:33.988 [debug] Loading access rules from config ejabberd | ejabberd | 08:43:33.988 [debug] Access rules loaded successfully ejabberd | ejabberd | 08:43:33.988 [debug] Loading shaper rules from config ejabberd | ejabberd | 08:43:33.988 [debug] Shaper rules loaded successfully ejabberd | ejabberd | 08:43:34.008 [debug] Route registered: localhost ejabberd | ejabberd | 08:43:34.008 [debug] Route registered: ejabberd.mydomain.com ejabberd | I'll download "fusco" using git because I can't use Mix to fetch from hex.pm: ejabberd | Runtime terminating during boot ({'cannot get bootfile','/opt/ejabberd-24.07/bin/start.boot'}) ejabberd | ejabberd | Crash dump is being written to: /opt/ejabberd/logs/erl_crash_20241014-084331.dump...done ejabberd | ejabberd | 08:43:34.182 [info] Loading modules for localhost and ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.182 [debug] Loading mod_adhoc at localhost ejabberd | ejabberd | 08:43:34.182 [debug] Loading mod_ping at localhost ejabberd | ejabberd | 08:43:34.184 [debug] Loading mod_mam at localhost ejabberd | ejabberd | 08:43:34.185 [warning] Mnesia backend for mod_mam is not recommended: it's limited to 2GB and often gets corrupted when reaching this limit. SQL backend is recommended. Namely, for small servers SQLite is a preferred choice because it's very easy to configure. ejabberd | ejabberd | 08:43:34.189 [debug] Loading mod_announce at localhost ejabberd | ejabberd | 08:43:34.195 [debug] Loading mod_offline at localhost ejabberd | ejabberd | 08:43:34.201 [debug] Loading mod_admin_extra at localhost ejabberd | ejabberd | 08:43:34.202 [debug] Loading mod_caps at localhost ejabberd | ejabberd | 08:43:34.212 [debug] Loading mod_pubsub at localhost ejabberd | ejabberd | 08:43:34.213 [debug] Route registered: pubsub.localhost ejabberd | ejabberd | 08:43:34.215 [debug] Loading mod_version at localhost ejabberd | ejabberd | 08:43:34.215 [debug] Loading mod_register at localhost ejabberd | ejabberd | 08:43:34.215 [debug] Loading mod_client_state at localhost ejabberd | ejabberd | 08:43:34.216 [debug] Loading mod_roster at localhost ejabberd | ejabberd | 08:43:34.232 [debug] Loading mod_http_upload at localhost ejabberd | ejabberd | 08:43:34.233 [debug] Route registered: upload.localhost ejabberd | ejabberd | 08:43:34.233 [debug] Loading mod_sip at localhost ejabberd | ejabberd | 08:43:34.235 [debug] Loading mod_http_api at localhost ejabberd | ejabberd | 08:43:34.236 [debug] Loading mod_s2s_dialback at localhost ejabberd | ejabberd | 08:43:34.236 [debug] Loading mod_stream_mgmt at localhost ejabberd | ejabberd | 08:43:34.241 [debug] Loading mod_carboncopy at localhost ejabberd | ejabberd | 08:43:34.241 [debug] Loading mod_fail2ban at localhost ejabberd | ejabberd | 08:43:34.241 [debug] Loading mod_shared_roster at localhost ejabberd | ejabberd | 08:43:34.247 [debug] Loading mod_muc at localhost ejabberd | ejabberd | 08:43:34.258 [debug] Route registered: conference.localhost ejabberd | ejabberd | 08:43:34.260 [debug] Loading rooms at conference.localhost ejabberd | ejabberd | 08:43:34.260 [debug] Loading mod_muc_admin at localhost ejabberd | ejabberd | 08:43:34.260 [debug] Loading mod_private at localhost ejabberd | ejabberd | 08:43:34.268 [debug] Loading mod_privacy at localhost ejabberd | ejabberd | 08:43:34.281 [debug] Loading mod_disco at localhost ejabberd | ejabberd | 08:43:34.282 [debug] Loading mod_vcard at localhost ejabberd | ejabberd | 08:43:34.289 [debug] Loading mod_vcard_xupdate at localhost ejabberd | ejabberd | 08:43:34.295 [debug] Loading mod_avatar at localhost ejabberd | ejabberd | 08:43:34.295 [debug] Loading mod_blocking at localhost ejabberd | ejabberd | 08:43:34.295 [debug] Loading mod_bosh at localhost ejabberd | ejabberd | 08:43:34.295 [debug] Loading mod_push at localhost ejabberd | ejabberd | 08:43:34.302 [debug] Loading mod_push_keepalive at localhost ejabberd | ejabberd | 08:43:34.302 [debug] Loading mod_last at localhost ejabberd | ejabberd | 08:43:34.309 [debug] Loading mod_configure at localhost ejabberd | ejabberd | 08:43:34.309 [debug] Loading mod_mqtt at localhost ejabberd | ejabberd | 08:43:34.318 [info] Building MQTT cache for localhost, this may take a while ejabberd | ejabberd | 08:43:34.318 [debug] Loading mod_proxy65 at localhost ejabberd | ejabberd | 08:43:34.322 [debug] Route registered: proxy.localhost ejabberd | ejabberd | 08:43:34.322 [debug] Loading mod_adhoc at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.322 [debug] Loading mod_conversejs at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.322 [debug] Loading mod_ping at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.322 [debug] Loading mod_mam at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.322 [warning] Mnesia backend for mod_mam is not recommended: it's limited to 2GB and often gets corrupted when reaching this limit. SQL backend is recommended. Namely, for small servers SQLite is a preferred choice because it's very easy to configure. ejabberd | ejabberd | 08:43:34.323 [debug] Loading mod_announce at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.323 [debug] Loading mod_offline at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.323 [debug] Loading mod_admin_extra at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.323 [debug] Loading mod_caps at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.324 [debug] Loading mod_pubsub at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.324 [debug] Route registered: pubsub.ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.324 [debug] Loading mod_version at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.324 [debug] Loading mod_register at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.324 [debug] Loading mod_client_state at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.324 [debug] Loading mod_roster at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.325 [debug] Loading mod_http_upload at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.325 [debug] Route registered: upload.ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.325 [debug] Loading mod_sip at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.325 [debug] Loading mod_http_api at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.325 [debug] Loading mod_s2s_dialback at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.325 [debug] Loading mod_stream_mgmt at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.325 [debug] Loading mod_carboncopy at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.325 [debug] Loading mod_fail2ban at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.326 [debug] Loading mod_shared_roster at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.326 [debug] Loading mod_muc at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.326 [debug] Route registered: conference.ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.327 [debug] Loading rooms at conference.ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.327 [debug] Loading mod_muc_admin at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.327 [debug] Loading mod_private at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.327 [debug] Loading mod_privacy at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.327 [debug] Loading mod_disco at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.327 [debug] Loading mod_vcard at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.327 [debug] Loading mod_vcard_xupdate at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.328 [debug] Loading mod_avatar at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.328 [debug] Loading mod_blocking at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.328 [debug] Loading mod_bosh at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.328 [debug] Loading mod_push at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.328 [debug] Loading mod_push_keepalive at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.328 [debug] Loading mod_last at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.328 [debug] Loading mod_configure at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.328 [debug] Loading mod_mqtt at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.328 [info] Building MQTT cache for ejabberd.mydomain.com, this may take a while ejabberd | ejabberd | 08:43:34.329 [debug] Loading mod_proxy65 at ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.329 [debug] Route registered: proxy.ejabberd.mydomain.com ejabberd | ejabberd | 08:43:34.329 [warning] The option captcha_cmd is not configured, but some module wants to use the CAPTCHA feature. ejabberd | ejabberd | 08:43:34.351 [info] Waiting for Mnesia synchronization to complete ejabberd | ejabberd | 08:43:34.352 [debug] Running hook :ejabberd_started: :ejabberd_pkix::ejabberd_started/0 ejabberd | ejabberd | 08:43:34.363 [debug] Using CA root certificates from: /opt/ejabberd/conf/cacert.pem ejabberd | ejabberd | 08:43:34.387 [warning] Invalid certificate in /opt/ejabberd/conf/server.pem: at line 53: self-signed certificate ejabberd | ejabberd | 08:43:34.392 [debug] Running hook :ejabberd_started: :mod_push_keepalive::ejabberd_started/0 ejabberd | ejabberd | 08:43:34.393 [debug] Running hook :ejabberd_started: :ejabberd_acme::ejabberd_started/0 ejabberd | ejabberd | 08:43:34.393 [debug] Closing NOTIFY_SOCKET ejabberd | ejabberd | 08:43:34.393 [debug] No NOTIFY_SOCKET, dropping READY=1 notification ejabberd | ejabberd | 08:43:34.394 [debug] Checking consistency of applications: asn1, base64url, cache_tab, compiler, crypto, eimp, ejabberd, elixir, epam, eredis, esip, ezlib, fast_tls, fast_xml, fast_yaml, idna, inets, jiffy, jose, kernel, logger, luerl, mix, mnesia, mqtree, observer, odbc, os_mon, p1_acme, p1_mysql, p1_oauth2, p1_pgsql, p1_utils, pkix, public_key, sasl, sqlite3, ssl, stdlib, stringprep, stun, syntax_tools, unicode_util_compat, xmerl, xmpp, yconf ejabberd | ejabberd | 08:43:34.394 [info] ejabberd 24.7.0 is started in the node :ejabberd@localhost in 2.69s ejabberd | ejabberd | 08:43:34.396 [info] Start accepting TCP connections at [::]:5222 for :ejabberd_c2s ejabberd | ejabberd | 08:43:34.396 [info] Start accepting TCP connections at [::]:5280 for :ejabberd_http ejabberd | ejabberd | 08:43:34.396 [info] Start accepting TCP connections at 172.18.0.2:7777 for :mod_proxy65_stream ejabberd | ejabberd | 08:43:34.397 [info] Start accepting TCP connections at [::]:1883 for :mod_mqtt ejabberd | ejabberd | 08:43:34.397 [info] Start accepting TCP connections at [::]:5269 for :ejabberd_s2s_in ejabberd | ejabberd | 08:43:35.224 [debug] All applications are intact ejabberd | ejabberd | 08:43:38.716 [debug] Closing NOTIFY_SOCKET ejabberd | ejabberd | 08:43:38.716 [debug] No NOTIFY_SOCKET, dropping RELOADING=1 notification ejabberd | ejabberd | 08:43:38.716 [info] Reloading configuration from /opt/ejabberd/conf/ejabberd.yml ejabberd | ejabberd | 08:43:38.746 [debug] Running hook :config_reloaded: :acl::reload_from_config/0 ejabberd | ejabberd | 08:43:38.746 [debug] Loading access rules from config ejabberd | ejabberd | 08:43:38.746 [debug] Access rules loaded successfully ejabberd | ejabberd | 08:43:38.746 [debug] Running hook :config_reloaded: :ejabberd_shaper::reload_from_config/0 ejabberd | ejabberd | 08:43:38.747 [debug] Loading shaper rules from config ejabberd | ejabberd | 08:43:38.747 [debug] Shaper rules loaded successfully ejabberd | ejabberd | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_sql_sup::config_reloaded/0 ejabberd | ejabberd | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_acme::register_certfiles/0 ejabberd | ejabberd | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_auth::config_reloaded/0 ejabberd | ejabberd | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_cluster::set_ticktime/0 ejabberd | ejabberd | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_listener::config_reloaded/0 ejabberd | ejabberd | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_oauth::config_reloaded/0 ejabberd | ejabberd | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_router::config_reloaded/0 ejabberd | ejabberd | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_sm::config_reloaded/0 ejabberd | ejabberd | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_system_monitor::config_reloaded/0 ejabberd | ejabberd | 08:43:38.747 [debug] Running hook :config_reloaded: :gen_mod::config_reloaded/0 ejabberd | ejabberd | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_access_permissions::invalidate/0 ejabberd | ejabberd | 08:43:38.747 [debug] Running hook :config_reloaded: :ejabberd_pkix::config_reloaded/0 ejabberd | ejabberd | 08:43:38.747 [debug] Using CA root certificates from: /opt/ejabberd/conf/cacert.pem ejabberd | ejabberd | 08:43:38.767 [warning] Invalid certificate in /opt/ejabberd/conf/server.pem: at line 53: self-signed certificate ejabberd | ejabberd | 08:43:38.767 [debug] Running hook :config_reloaded: :ejabberd_acme::ejabberd_started/0 ejabberd | ejabberd | 08:43:38.767 [info] Configuration reloaded successfully ejabberd | ejabberd | 08:43:38.768 [debug] Closing NOTIFY_SOCKET ejabberd | ejabberd | 08:43:38.768 [debug] No NOTIFY_SOCKET, dropping READY=1 notification ejabberd | ejabberd | 08:43:49.651 [info] (#PID<0.952.0>) Accepted connection [::ffff:172.18.0.1]:12987 -> [::ffff:172.18.0.2]:5280 ejabberd | ejabberd | 08:43:49.670 [debug] S: [ ejabberd | {["admin"], :ejabberd_web_admin}, ejabberd | {["api"], :mod_http_api}, ejabberd | {["bosh"], :mod_bosh}, ejabberd | {["captcha"], :ejabberd_captcha}, ejabberd | {["upload"], :mod_http_upload}, ejabberd | {["ws"], :ejabberd_http_ws}, ejabberd | {["oauth"], :ejabberd_oauth}, ejabberd | {["register"], :mod_register_web}, ejabberd | {["conversejs"], :mod_conversejs}, ejabberd | {["xmlrpc"], :ejabberd_xmlrpc} ejabberd | ] ejabberd | ejabberd | ejabberd | 08:43:49.673 [debug] (#Port<0.33>) http query: :GET "/api/user_exists" ejabberd | ejabberd | ejabberd | 08:43:49.674 [debug] ["api", "user_exists"] matches ["api"] ejabberd | ejabberd | 08:43:49.674 [info] API call user_exists [] ({0, 0, 0, 0, 0, 65535, 44050, 1}) ejabberd | ejabberd | 08:43:49.679 [debug] Making request 'check_password' for user anonymous@ejabberd.mydomain.com... ejabberd | ejabberd | 08:43:49.690 [debug] Bad Request: {:badmatch, ejabberd | {:error, ejabberd | {:options, :incompatible, [verify: :verify_peer, cacerts: :undefined]}}} [ ejabberd | {:ejabberd_auth_http, :http_request, 6, ejabberd | [ ejabberd | file: ~c"/opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/src/ejabberd_auth_http.erl", ejabberd | line: 230 ejabberd | ]}, ejabberd | {:ejabberd_auth_http, :check_password, 4, ejabberd | [ ejabberd | file: ~c"/opt/ejabberd/.ejabberd-modules/sources/ejabberd-contrib/ejabberd_auth_http/src/ejabberd_auth_http.erl", ejabberd | line: 64 ejabberd | ]}, ejabberd | {:ejabberd_auth, :db_check_password, 7, ejabberd | [file: ~c"src/ejabberd_auth.erl", line: 724]}, ejabberd | {:ejabberd_auth, :"-check_password_with_authmodule/6-fun-0-", 8, ejabberd | [file: ~c"src/ejabberd_auth.erl", line: 252]}, ejabberd | {:lists, :foldl, 3, [file: ~c"lists.erl", line: 1594]}, ejabberd | {:ejabberd_auth, :check_password_with_authmodule, 6, ejabberd | [file: ~c"src/ejabberd_auth.erl", line: 250]}, ejabberd | {:ejabberd_auth, :check_password, 6, ejabberd | [file: ~c"src/ejabberd_auth.erl", line: 225]}, ejabberd | {:mod_http_api, :extract_auth, 1, [file: ~c"src/mod_http_api.erl", line: 99]} ejabberd | ] ```

badlop commented 1 week ago

Hi, I tried to replicate your problem, but I faced a pair of inconsistencies before reaching that state.

You are calling user_exists, which is not defined in https://docs.ejabberd.im/developer/ejabberd-api/admin-api/

If I try that query, I get as response "unknown_command"

Surprisingly, in you case that query gets converted to the proper command, called check_password

I don't know what implements that command-name conversion, did you install any other module, or using an older container image?

The ejabberd container image does not include mix or git, that means dependencies cannot get downloaded. This is what I get when I try your docker-compose using podman:

[main] | 10:02:42.489 [info] Start accepting TCP connections at [::]:5280 for :ejabberd_http
[main] | :> ejabberdctl module_install ejabberd_auth_http
[main] | I'll download "fusco" using git because I can't use Mix to fetch from hex.pm:
[main] | /bin/sh: mix: not found
[main] | Fetching dependency cuesport: /bin/sh: git: not found
[main] | Fetching dependency fusco: /bin/sh: git: not found
[main] | Module ejabberd_auth_http has been installed.
[main] | Now you can configure it in your ejabberd.yml
[main] | I'll download "fusco" using git because I can't use Mix to fetch from hex.pm:
[main] | /bin/sh: mix: not found

In your ejabberd log file, it shows git is installed and used. Did you install it manually, or are using another container image?

The precise problem appears when ejabberd_auth_http executes fusco:request(Connection, Url, MethodStr, Headers, Query, 2, 5000),

this should return {ok, ...} but it instead returns

{:error,
    {:options, :incompatible, [verify: :verify_peer, cacerts: :undefined]}
}

I don't know if that means that some option provided to fusco is problematic, or maybe there was some problem and fusco is simply returning the options it used...

processone / ejabberd-contrib

ejabberd_auth_http: fusco_lib.erl deprecation warnings #338