http_upload button visible but not functional for anonymous users #66

Closed
poVoq opened this issue Sep 24, 2022 · 7 comments
Labels
wontfix This will not be worked on

Comments


poVoq commented Sep 24, 2022

Describe the bug
When using the anonymous login feature, one can click on the share file button and select a file, but the actual upload fails.

Expected behavior
The button should be just hidden when no suitable http_upload component can be found.

In my specific case the http_upload component for regular users is under uploads.example.com while anonymous users use the anon.example.com virtual host. Since these two namespaces are not directly in a hierarchical order, the upload component is probably inaccessible for the anonymous users.

I did not check if adding the http_upload component to the mod_disco discovery list makes it available, but it would probably be best that the upload button is hidden unless there is a specific http_upload component under uploads.anon.example.com that can be configured specifically for that use-case.

@poVoq poVoq added the bug Something isn't working label Sep 24, 2022
Owner

nioc commented Sep 25, 2022

Can you share an example of the XMPP config file?

@nioc nioc added the question Further information is requested label Sep 25, 2022
Author

poVoq commented Sep 25, 2022

VirtualHost "anon.example.com"
   authentication = "anonymous"

Not sure why that is relevant, I explained the setup above and it is the standard way of doing exactly that with Prosody.

Should it actually be hidden?

Owner

nioc commented Sep 25, 2022

It is relevant to reproduce your issue. I have no problem with guest file upload with the following prosody.cfg:

daemonize = false;

admins = { "nioc@localhost" }

plugin_paths = { "/usr/lib/prosody/custom-modules" }

modules_enabled = {
        -- Generally required
                "roster"; -- Allow users to have a roster. Recommended ;)
                "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
                "tls"; -- Add support for secure TLS on c2s/s2s connections
                "dialback"; -- s2s dialback support
                "disco"; -- Service discovery

        -- Not essential, but recommended
                "carbons"; -- Keep multiple clients in sync
                "pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
                "private"; -- Private XML storage (for room bookmarks, etc.)
                "blocklist"; -- Allow users to block communications with other users
                "vcard4"; -- User profiles (stored in PEP)
                "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard

        -- Nice to have
                "version"; -- Replies to server version requests
                "uptime"; -- Report how long server has been running
                "time"; -- Let others know the time here on this server
                "ping"; -- Replies to XMPP pings with pongs
                "register"; -- Allow users to register on this server using a client and change passwords
                "mam"; -- Store messages in an archive and allow users to access it

        -- Admin interfaces
                "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands

        -- HTTP modules
                "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
                "websocket"; -- XMPP over WebSockets

        -- Other specific functionality
                "proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use

        -- Custom
                "http_upload"; -- File upload in muc
}

modules_disabled = {
        "s2s"; -- Handle server-to-server connections
}

allow_registration = false

c2s_require_encryption = false

s2s_require_encryption = true

s2s_secure_auth = false

allow_unencrypted_plain_auth = true

disable_sasl_mechanisms = {}

authentication = "internal_hashed"

archive_expires_after = "1w" -- Remove archived messages after 1 week

log = {
    {levels = {min = "debug"}, to = "console"};
}

certificates = "certs"

-- custom config for http_upload module
http_upload_file_size_limit = 10485760 -- 10 Mb in bytes
http_upload_expire_after = 60 * 60 * 24 * 1 -- a day in seconds
http_upload_quota = 209715200 -- 200 Mb in bytes

----------- Virtual hosts -----------
consider_bosh_secure = true
consider_websocket_secure = true
cross_domain_websocket = { "http://chat.localhost", "http://localhost", "https://localhost" }
cross_domain_bosh = true

disco_items = {
    { "proxy.localhost", "SOCKS5 file transfert proxy" };
    { "conference.localhost", "Multi users chat" };
    { "upload.localhost", "File upload" };
}

VirtualHost "localhost"
    name = "XMPP server"
    enabled = true

Component "proxy.localhost" "proxy65"
    name = "SOCKS5 file transfert proxy service"
    proxy65_address = "localhost"
    proxy65_acl = { "localhost" }

Component "conference.localhost" "muc"
    modules_enabled = {
        "muc_mam";
        "vcard_muc";
    }
    name = "Conferences server"
    restrict_room_creation = "local"
    max_history_messages = 50

VirtualHost "anon.localhost"
    authentication = "anonymous"

If you want me to spend some of my own free time on your situation, at least give me the information about your usage...
I do not want to try to guess what your setup is.

@nioc nioc removed the bug Something isn't working label Sep 25, 2022
Author

poVoq commented Sep 25, 2022

Ah, but that is a rather strange config with the http_upload not configured as a component. How does that even work?

And it also force adds the upload stuff to all virtual-hosts via the disco_items setting. I am also not sure if that even works with the new http_file_share module that replaced the old http_upload in Prosody 0.12.

My config looks pretty much like the standard one that comes with Prosody by default, and that uses components for the upload, so I still think this is a bug in xmpp-web as under normal circumstances it will not work.
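Added example, not part of the thread and not xmpp-web's code: a sketch of the XEP-0363 discovery check that decides whether the upload button should be shown, run against two constructed disco result sets modelled on the setups discussed above. The function names, the data layout and the `maxFileSize` field are assumptions made for illustration; a real client would fill this data from disco#items and disco#info replies.

```javascript
'use strict';

// XEP-0363 feature advertised in disco#info by an HTTP upload service.
const NS_HTTP_UPLOAD = 'urn:xmpp:http:upload:0';

// Constructed disco results (JID -> items/features/size limit), standing in
// for the disco#items and disco#info IQ replies a client would receive.
const SEPARATE_COMPONENT = {
  'example.com': { items: ['uploads.example.com'], features: [] },
  'anon.example.com': { items: [], features: [] },
  'uploads.example.com': { items: [], features: [NS_HTTP_UPLOAD], maxFileSize: 10485760 },
};
const ADVERTISED_TO_ALL_HOSTS = {
  'anon.localhost': { items: ['upload.localhost'], features: [] },
  'upload.localhost': { items: [], features: [NS_HTTP_UPLOAD], maxFileSize: 10485760 },
};

// Domain part of a bare or full JID.
function domainOf(jid) {
  return jid.split('/')[0].split('@').pop();
}

// Return the upload service reachable from the user's own host, or null.
function findUploadService(disco, userJid) {
  const domain = domainOf(userJid);
  const host = disco[domain];
  if (!host) return null;
  for (const jid of [domain, ...host.items]) {
    const info = disco[jid];
    if (info && info.features.includes(NS_HTTP_UPLOAD)) {
      return { jid, maxFileSize: info.maxFileSize ?? Infinity };
    }
  }
  return null;
}

// UI decisions: show the button only if a service was discovered, and
// refuse files above the advertised limit before requesting a slot.
function uploadButtonVisible(disco, userJid) {
  return findUploadService(disco, userJid) !== null;
}
function canUpload(disco, userJid, sizeInBytes) {
  const service = findUploadService(disco, userJid);
  return service !== null && sizeInBytes <= service.maxFileSize;
}
```

With the first data set an anonymous JID on anon.example.com finds no service, so the button stays hidden, while a user on example.com sees it.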

Owner

nioc commented Sep 25, 2022

Maybe, I'm not an XMPP expert, I just use it for my own usage and propose the web GUI to others 😉
Using Prosody 0.11.9 and an old version of the mod_http_upload module.

As I said, I will not try to reproduce the issue without a config file example.

Owner

nioc commented Sep 25, 2022

You can also propose a pull request for handling this.

Owner

nioc commented Feb 1, 2023

Closing because this issue was inactive for too long and is not planned.

@nioc nioc closed this as not planned Won't fix, can't repro, duplicate, stale Feb 1, 2023
@nioc nioc added wontfix This will not be worked on and removed question Further information is requested labels Feb 1, 2023