<%@ page contentType="text/html; charset=UTF-8" %>
<%--
-
- Copyright (C) 2004-2008 Jive Software, 2017-2025 Ignite Realtime Foundation. All rights reserved.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--%>
<%@ page
errorPage="error.jsp"
%>
<%@ page import="org.jivesoftware.openfire.XMPPServer" %>
<%@ page import="org.jivesoftware.openfire.handler.IQRegisterHandler" %>
<%@ page import="org.jivesoftware.openfire.net.SASLAuthentication" %>
<%@ page import="org.jivesoftware.openfire.sasl.AnonymousSaslServer" %>
<%@ page import="org.jivesoftware.openfire.session.LocalClientSession" %>
<%@ page import="org.jivesoftware.openfire.user.UserManager" %>
<%@ page import="org.jivesoftware.util.CookieUtils" %>
<%@ page import="org.jivesoftware.util.ParamUtils" %>
<%@ page import="org.jivesoftware.util.StringUtils" %>
<%@ page import="java.util.stream.Collectors" %>
<%@ page import="org.jivesoftware.util.IpUtils" %>
<%@ page import="java.util.*" %>
<%@ taglib uri="admin" prefix="admin" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
<%-- Hands the implicit JSP objects of the current request to the webManager helper before any parameter is read.
     NOTE(review): neither the declaration of webManager nor an authentication/authorization check is visible in
     this part of the page; presumably both are provided elsewhere in the admin console - confirm. --%>
<% webManager.init(request, response, session, application, out ); %>
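<% // Get parameters
// Everything read here comes straight from the HTTP request and must be treated as untrusted
// until the CSRF check that follows in this scriptlet has passed.

// "save" is a presence flag: only whether the parameter exists matters, not its value.
boolean save = request.getParameter("save") != null;
boolean inbandEnabled = ParamUtils.getBooleanParameter(request, "inbandEnabled");
boolean canChangePassword = ParamUtils.getBooleanParameter(request, "canChangePassword");
boolean anonLogin = ParamUtils.getBooleanParameter(request, "anonLogin");
boolean futureUsersEnabled = ParamUtils.getBooleanParameter(request, "futureUsersEnabled");

// One parameter per list operation; a non-null value requests that operation.
String deleteBlockedIP = ParamUtils.getParameter(request, "deleteBlockedIP");
String deleteAllowedIP = ParamUtils.getParameter(request, "deleteAllowedIP");
String deleteAllowedAnonymIP = ParamUtils.getParameter(request, "deleteAllowedAnonymIP");
String blockValue = ParamUtils.getParameter(request, "blockValue");
String allowValue = ParamUtils.getParameter(request, "allowValue");
String allowAnonymValue = ParamUtils.getParameter(request, "allowAnonymValue");

// Validation failures, keyed by the name of the offending field (or "csrf").
final Map<String, String> errors = new HashMap<>();

// Get an IQRegisterHandler:
IQRegisterHandler regHandler = XMPPServer.getInstance().getIQRegisterHandler();

// The two halves of the CSRF token: one from the cookie, one from the submitted request.
Cookie csrfCookie = CookieUtils.getCookie(request, "csrf");
String csrfParam = ParamUtils.getParameter(request, "csrf");

// Collect the SASL mechanisms the form marks as enabled. Each one arrives as a parameter whose
// name is "mech-enabled-" followed by the mechanism name. Only the prefix is checked here; the
// remainder of the parameter name is taken verbatim.
// The type arguments are required: with a raw Enumeration, nextElement() yields Object and the
// assignment to String below does not compile.
final Enumeration<String> parameterNames = request.getParameterNames();
final String mechEnabledPrefix = "mech-enabled-";
final List<String> mechsEnabled = new ArrayList<>();
while ( parameterNames.hasMoreElements() )
{
    final String parameterName = parameterNames.nextElement();
    if (parameterName.startsWith( mechEnabledPrefix ))
    {
        mechsEnabled.add( parameterName.substring( mechEnabledPrefix.length() ) );
    }
}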
// CSRF protection (double-submit): any request that asks for a change must carry the same token
// in the "csrf" cookie and in the "csrf" request parameter.
final boolean changesState = save
    || blockValue != null || deleteBlockedIP != null
    || allowValue != null || deleteAllowedIP != null
    || allowAnonymValue != null || deleteAllowedAnonymIP != null;
if (changesState) {
    final boolean tokenMatches = csrfCookie != null
        && csrfParam != null
        && csrfCookie.getValue().equals(csrfParam);
    if (!tokenMatches) {
        errors.put("csrf", "csrf");
        // Discard every requested change so that none of the handlers further down can act on
        // a request that failed the token check.
        save = false;
        blockValue = null;
        deleteBlockedIP = null;
        allowValue = null;
        deleteAllowedIP = null;
        allowAnonymValue = null;
        deleteAllowedAnonymIP = null;
    }
}

// A fresh token is issued on every request, whether or not the check above ran or passed.
// NOTE(review): confirm that StringUtils.randomString draws from a cryptographically secure
// generator; a predictable token would weaken this check.
// NOTE(review): the -1 argument is presumably the cookie max-age (negative = session cookie);
// confirm in CookieUtils, together with the cookie attributes it sets.
csrfParam = StringUtils.randomString(15);
pageContext.setAttribute("csrf", csrfParam);
CookieUtils.setCookie(request, response, "csrf", csrfParam, -1);
// Remove one entry from the list of blocked IPs / IP ranges.
// The submitted value is not syntax-checked: it only has an effect when it equals an entry that
// is already on the list, and only then is the list written back and an audit event recorded.
if (errors.isEmpty() && deleteBlockedIP != null) {
    final Set blockedEntries = LocalClientSession.getBlacklistedIPs();
    final boolean wasListed = blockedEntries.remove(deleteBlockedIP);
    if (wasListed) {
        LocalClientSession.setBlacklistedIPs(blockedEntries);
        webManager.logEvent("edited registration settings", "Removed value from list of blocked IP/IP-ranges: " + deleteBlockedIP);
    }
}
// Add one entry to the list of blocked IPs / IP ranges.
if (errors.isEmpty() && blockValue != null) {
    if (IpUtils.isValidIpAddressOrRange(blockValue)) {
        final Set blockedEntries = LocalClientSession.getBlacklistedIPs();
        final boolean newlyAdded = blockedEntries.add(blockValue);
        if (newlyAdded) {
            LocalClientSession.setBlacklistedIPs(blockedEntries);
            webManager.logEvent("edited registration settings", "Added value to list of blocked IP/IP-ranges: " + blockValue);
            // Clear the field only after a successful add; a duplicate or rejected value stays
            // set and is handed back to the page further down.
            blockValue = null;
        }
    } else {
        // Reject anything that is not a syntactically valid address or range before it can
        // reach the stored list.
        errors.put("blockValue", "invalid-syntax");
    }
}
// Remove one entry from the list of allowed IPs / IP ranges.
// The submitted value is not syntax-checked: it only has an effect when it equals an entry that
// is already on the list, and only then is the list written back and an audit event recorded.
if (errors.isEmpty() && deleteAllowedIP != null) {
    final Set allowedEntries = LocalClientSession.getWhitelistedIPs();
    final boolean wasListed = allowedEntries.remove(deleteAllowedIP);
    if (wasListed) {
        LocalClientSession.setWhitelistedIPs(allowedEntries);
        webManager.logEvent("edited registration settings", "Removed value from list of allowed IP/IP-ranges: " + deleteAllowedIP);
    }
}
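// Add one entry to the list of allowed IPs / IP ranges.
if (allowValue != null && errors.isEmpty()) {
    if (!IpUtils.isValidIpAddressOrRange(allowValue)) {
        // Reject anything that is not a syntactically valid address or range before it can
        // reach the stored list.
        errors.put("allowValue", "invalid-syntax");
    } else {
        final Set<String> allowlist = LocalClientSession.getWhitelistedIPs();
        if (allowlist.add(allowValue)) {
            LocalClientSession.setWhitelistedIPs(allowlist);
            // The audit entry must name the value that was added to this list (allowValue).
            // Logging the block-list field instead would leave the audit trail out of step
            // with the access-control change that was actually made.
            webManager.logEvent("edited registration settings", "Added value to list of allowed IP/IP-ranges: " + allowValue);
            // Clear the field only after a successful add; a duplicate or rejected value stays
            // set and is handed back to the page further down.
            allowValue = null;
        }
    }
}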
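// Remove one entry from the list of IPs / IP ranges allowed for anonymous access.
// The submitted value is not syntax-checked: it only has an effect when it equals an entry that
// is already on the list, and only then is the list written back and an audit event recorded.
if (deleteAllowedAnonymIP != null && errors.isEmpty())
{
    final Set<String> allowlist = LocalClientSession.getWhitelistedAnonymousIPs();
    if (allowlist.remove(deleteAllowedAnonymIP) ) {
        LocalClientSession.setWhitelistedAnonymousIPs(allowlist);
        // The audit entry must name the value that was removed from this list
        // (deleteAllowedAnonymIP), not the parameter that belongs to the non-anonymous list.
        webManager.logEvent("edited registration settings", "Removed value from list of allowed anonymous IP/IP-ranges: " + deleteAllowedAnonymIP);
    }
}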
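// Add one entry to the list of IPs / IP ranges allowed for anonymous access.
if (allowAnonymValue != null && errors.isEmpty()) {
    if (!IpUtils.isValidIpAddressOrRange(allowAnonymValue)) {
        // Reject anything that is not a syntactically valid address or range before it can
        // reach the stored list.
        errors.put("allowAnonymValue", "invalid-syntax");
    } else {
        final Set<String> allowlist = LocalClientSession.getWhitelistedAnonymousIPs();
        if (allowlist.add(allowAnonymValue)) {
            LocalClientSession.setWhitelistedAnonymousIPs(allowlist);
            // The audit entry must name the value that was added to this list
            // (allowAnonymValue). Logging the block-list field instead would leave the audit
            // trail out of step with the access-control change that was actually made.
            webManager.logEvent("edited registration settings", "Added value to list of allowed anonymous IP/IP-ranges: " + allowAnonymValue);
            // Clear the field only after a successful add; a duplicate or rejected value stays
            // set and is handed back to the page further down.
            allowAnonymValue = null;
        }
    }
}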
// Apply the registration and login settings, but only for a "save" request that produced no
// errors (a failed CSRF check clears "save" and records an error, so it never reaches this).
if (errors.isEmpty() && save) {
    regHandler.setInbandRegEnabled(inbandEnabled);
    regHandler.setCanChangePassword(canChangePassword);
    AnonymousSaslServer.ENABLED.setValue(anonLogin);
    UserManager.ALLOW_FUTURE_USERS.setValue( futureUsersEnabled );
    // NOTE(review): mechsEnabled is built from request parameter names with only the prefix
    // checked; confirm that setEnabledMechanisms ignores or rejects names it does not know.
    SASLAuthentication.setEnabledMechanisms( mechsEnabled );

    // Log the event
    final String auditDetails = "inband enabled = " + inbandEnabled
        + "\ncan change password = " + canChangePassword
        + "\nanon login = " + anonLogin
        + "\nFuture users enabled = " + futureUsersEnabled
        + "\nSASL mechanisms enabled = " + mechsEnabled;
    webManager.logEvent("edited registration settings", auditDetails);
}
// Reset the value of page vars:
// The toggles are re-read from the server rather than taken from the request, so the page shows
// the configuration that is in effect even when nothing was saved.
inbandEnabled = regHandler.isInbandRegEnabled();
canChangePassword = regHandler.canChangePassword();
anonLogin = AnonymousSaslServer.ENABLED.getValue();
futureUsersEnabled = UserManager.ALLOW_FUTURE_USERS.getValue();

// Outcome of this request.
pageContext.setAttribute( "errors", errors );
pageContext.setAttribute( "saveSuccess", save && errors.isEmpty());
pageContext.setAttribute( "readOnly", UserManager.getUserProvider().isReadOnly() );

// Current state of the toggles.
pageContext.setAttribute( "inbandEnabled", inbandEnabled );
pageContext.setAttribute( "canChangePassword", canChangePassword );
pageContext.setAttribute( "anonLogin", anonLogin );
pageContext.setAttribute( "futureUsersEnabled", futureUsersEnabled );

// The three IP lists, sorted for display.
pageContext.setAttribute( "blockedIPs", LocalClientSession.getBlacklistedIPs().stream().sorted().collect(Collectors.toList()));
pageContext.setAttribute( "allowedIPs", LocalClientSession.getWhitelistedIPs().stream().sorted().collect(Collectors.toList()));
pageContext.setAttribute( "allowedAnonymIPs", LocalClientSession.getWhitelistedAnonymousIPs().stream().sorted().collect(Collectors.toList()));

// Pending list inputs. Each is null after a successful add; after a rejected or duplicate entry
// it still holds the raw request value.
// NOTE(review): the markup that renders these attributes is not visible here; confirm that it
// escapes them on output.
pageContext.setAttribute( "blockValue", blockValue );
pageContext.setAttribute( "allowValue", allowValue );
pageContext.setAttribute( "allowAnonymValue", allowAnonymValue );

// SASL mechanism sets, plus the sorted union of the enabled and the implemented ones.
pageContext.setAttribute( "saslEnabledMechanisms", SASLAuthentication.getEnabledMechanisms() );
pageContext.setAttribute( "saslImplementedMechanisms", SASLAuthentication.getImplementedMechanisms() );
pageContext.setAttribute( "saslSupportedMechanisms", SASLAuthentication.getSupportedMechanisms() );
final SortedSet union = new TreeSet<>();
union.addAll( SASLAuthentication.getEnabledMechanisms() );
union.addAll( SASLAuthentication.getImplementedMechanisms() );
pageContext.setAttribute( "saslConsideredOrImplementedMechanisms", union );
%>