Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ACL check fails for HipChat chat rooms #766

Closed
nulfox opened this issue May 26, 2016 · 4 comments
Closed

ACL check fails for HipChat chat rooms #766

nulfox opened this issue May 26, 2016 · 4 comments
Assignees
@zoni

Comments

@nulfox
Copy link
Contributor

nulfox commented May 26, 2016

With new version, seeing ACL checks failing for MUC rooms. Seems to be due to aclattr being added to xmpp backend and being used in get_acl_usr method. XMPPIdentifier.person that is used for aclattr doesn't match the "msg.frm.person" object used later. Not exactly sure how to fix this without potentially breaking things. Can take a look at it again in more depth if no one gets to issue.

aclattr is getting set in backend/xmpp.py:
class XMPPPerson(XMPPIdentifier, Person):
aclattr = XMPPIdentifier.person

And used in core_plugins/acls.py:
def get_acl_usr(msg):
if hasattr(msg.frm, u'aclattr'): # if the identity requires a special field to be used for acl
return msg.frm.aclattr
return msg.frm.person # default

016-05-26 05:52:12,846 DEBUG errbot.errBot *** frm = 201511_test_room@conf.hipchat.com/Test User
2016-05-26 05:52:12,846 DEBUG errbot.errBot *** username = 201511_test_room@conf.hipchat.com/Test User
2016-05-26 05:52:12,846 DEBUG errbot.errBot *** text = !test command host
2016-05-26 05:52:12,846 DEBUG errbot.plugins.ACLS Check test_command for ACLs.
2016-05-26 05:52:12,846 DEBUG errbot.plugins.ACLS ACL frm: 201587_core_infrastructure@conf.hipchat.com/Roman Forkosh
2016-05-26 05:52:12,849 INFO errbot.plugins.ACLS Matching ACL {'allowusers': ('201511_test_room@conf.hipchat.com/Test User')} against username 201511_test_room@conf.hipchat.com for command test_client:test_command
@poiriermike
Copy link

I've run into the same issue myself. Have you found a good workaround yet?

@gbin gbin added the type: bug label Aug 23, 2016
@Jochen2584
Copy link

Did someone find a workaround for the issue?
The issue is open for almost a year now.

@pirxthepilot
Copy link
Contributor

Wondering about this as well. How does one extract a room occupant's real JID?

@nulfox
Copy link
Contributor Author

nulfox commented Jun 21, 2017

I believe the proper fix is to create a HipChatPerson instead of relying on XMPPIdentifier for HipChat, this way, the proper approach can be used without impacting XMPP module. The issue appears to be that XMPPPerson sets aclattr to XMPPIdentifier.person, which does'nt return a JID, so when ACL comparison is made, it's comparing JID == .person.

Quick fix is to remove the aclattrb = XMPPIdentity.person definition in the class. But not sure what impact it will have on XMPP module. Hack for me (using hipchat only) was to just remove the check in acls.py for aclattrib, so it always defaults to JID.

@nulfox nulfox closed this as completed Jul 27, 2018
@ghost ghost removed the type: bug label Jul 27, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zoni zoni

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@zoni @gbin @pirxthepilot @nulfox @poiriermike @Jochen2584