Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

REST API not respecting mod_register access rules #2837

mightyBroccoli opened this issue Mar 20, 2019 · 1 comment

REST API not respecting mod_register access rules #2837

mightyBroccoli opened this issue Mar 20, 2019 · 1 comment


Copy link

mightyBroccoli commented Mar 20, 2019

Defined access rules within mod_register are not respected when registration is done through REST api, thus it is possible to register blocked usernames.

OS: Debian 9.8
Ejabberd: Debian Backports 18.12.1-2~bpo9+1

module config excerpt
    access: access_register
access rules excerpt
     - deny: blocked
     - allow
acl excerpt
      - "hostmaster"
      - "ejabberd"
Copy link

badlop commented May 28, 2019

The change introduced in 1f2b8ad to restrict the register command with mod_register options, as requested in this ticket, has been very problematic (#2828 and #2893).

After considering in more detail the topic, the register command is expected to be run by administrators. So it doesn't make sense to restrict it with mod_register options, which are designed to restrict public account registration. In this sense, the problem initially mentioned in this ticket is not considered a bug, in any case it could be considered a feature request. So, the original behaviour has been restored in commit 4eaba13

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet

No branches or pull requests

3 participants