REST-API-Client icon indicating copy to clipboard operation
REST-API-Client copied to clipboard
verified publisher icon igniterealtime

restapi login filter

Open Heimerdingge opened this issue 2 years ago • 3 comments

swagger ui retry is ok. postman and other http tool is fail; The fail content (lang=Chinese):

Openfire 管理界面

管理界面

						<!-- BEGIN login box -->
						<div class="jive-body-input-box">
							<div class="jive-input-box">
								<input class="form-control" type="text" name="username"  maxlength="50" id="u01" value="" placeholder="用户名" >
								<span style="position: absolute"><i class="fa fa-user"></i></span>
							</div>
							<div class="jive-input-box">
								<input class="form-control" type="password" name="password" maxlength="50" id="p01" placeholder="密码" >
								<span style="position: absolute"><i class="fa fa-key"></i></span>
							</div>
						</div>
						<div class="row">
							<div class="col-lg-12 col-md-12 col-sm-12 ">
								<div class="jive-form-button">
									<button id="submit" type="submit" class="jive-ibtn jive-btn-gradient">登录</button>
								</div>
							</div>
						</div>
						<!-- END login box -->

						<!-- BEGIN error box -->
						<noscript>
							<table class="table table-sm table-responsive table-borderless">
								<tbody>
									<tr>
										<td class="jive-error-text"><i class="fa fa-close fa-lg"></i></td>
										<td class=" jive-error-text">
											<p>错误:尚未启用 JavaScript。本工具使用 JavaScript,如果未启用它,则本工具的大部分功能无法使用。请启用
												JavaScript 并重新装入此页面。</p>
										</td>
									</tr>
								</tbody>
							</table>
						</noscript>

						<!-- END error box -->
					</form>
					<div class="text" id="jive-loginVersion"> Openfire, 版本: 4.7.5</div>
				</div>
			</div>
		</div>
	</div>
</div>

<script language="JavaScript" type="text/javascript">
	<!--
	if (document.loginForm.username.value == '')  {
        document.loginForm.username.focus();
    } else {
        document.loginForm.password.focus();
    }
//
	-->
</script>

Heimerdingge avatar Jul 18 '23 07:07 Heimerdingge

Found the same issue here in 4.7.5 with the Restful API plugin-1.10.1.

Swagger and APITester in Chrome work well but Postman or the Java rest-api-client 1.1.5 will have this error:

"Error: You don't have JavaScript enabled. This tool uses JavaScript and much of it will not work correctly without it enabled. Please turn JavaScript back on and reload this page."

I guess this is because they're trying to patch https://github.com/igniterealtime/Openfire/security/advisories/GHSA-gw42-f939-fhvm, and the default way of binding admin console to network interface is changed. If this is correct, 4.7.5, (and maybe 4.6.8, 4.8.0) have this issue.

And in the comment of OF-2604

Note that various web-based functionality might piggy-back on this server. The REST-API plugin is an example of this. An inventory must be made to find all affected implementation

The REST API plugin is impacted.

Not sure how to fix it but downgraded to 4.7.4 at least can let me call the restful API in Postman and Java client.

Chancelife avatar Jul 19 '23 18:07 Chancelife

Thks,Be testing Tigase, but docs is terrible。

Heimerdingge avatar Jul 20 '23 00:07 Heimerdingge

thanks fix my question

baoxituo1 avatar Feb 03 '24 03:02 baoxituo1