You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Defined access rules within mod_register are not respected when registration is done through REST api, thus it is possible to register blocked usernames.
The change introduced in 1f2b8ad to restrict the register command with mod_register options, as requested in this ticket, has been very problematic (#2828 and #2893).
After considering in more detail the topic, the register command is expected to be run by administrators. So it doesn't make sense to restrict it with mod_register options, which are designed to restrict public account registration. In this sense, the problem initially mentioned in this ticket is not considered a bug, in any case it could be considered a feature request. So, the original behaviour has been restored in commit 4eaba13
Defined access rules within mod_register are not respected when registration is done through REST api, thus it is possible to register blocked usernames.
OS: Debian 9.8
Ejabberd: Debian Backports 18.12.1-2~bpo9+1
module config excerpt
access rules excerpt
acl excerpt
The text was updated successfully, but these errors were encountered: