Using the following ACL and mod_register rules I can:
a) Register a new user when logged in as the admin user - GOOD
b) Registration denied when I'm logged in as a non-admin user - GOOD
c) Register a new user when connected _without_ authentication - BAD!!!!!!!!
Can someone shed light on the fact that access_from is reliable with its ACL until an anonymous user attempts the registration? Shouldn't it be disabled? Am I missing something in the ACL, like {deny, s2s} ?
{access, restrict_others, [{allow, admin}, {deny, all}]}.
{modules,
[
{mod_register, [{access_from, restrict_others} ] }
]}.
The option access_from was
The option access_from was only designed to restrict JIDs of authenticated users.
But I think removing two lines allows far more configurations:
--- a/src/mod_register.erl +++ b/src/mod_register.erl @@ -414,8 +414,6 @@ send_registration_notifications(UJID, Source) -> ok end. -check_from(#jid{user = "", server = ""}, _Server) -> - allow; check_from(JID, Server) -> Access = gen_mod:get_module_opt(Server, ?MODULE, access_from, none), acl:match_rule(Server, Access, JID).With that patch now I can configure what you want:
%% Only admins can register accounts, not even unauthenticated users (requires patch) {access, register_from, [{allow, admin}, {deny, all}]}. %% Only authenticated users can register (requires patch) %%{acl, unauthenticated, {user, "", ""}}. %%{access, register_from, [{deny, unauthenticated}, {allow, all}]}.Thank you so much! We will
Thank you so much! We will definitely apply this... I wonder if this should become a trunk modification for future users of access_from ?
Gordon wrote: Thank you so
Thank you so much! We will definitely apply this... I wonder if this should become a trunk modification for future users of access_from ?
Once you try it and comment here that it works perfectly, I'll request the change for inclusion in trunk.
Gordon? Have you tested this
Gordon? Have you tested this yet? I need this feature too.