Creating new accounts with open registration disabled

I would like to come back to a question that is still unanswered. see: http://www.jivesoftware.org/forums/thread.jspa?threadID=13411&tstart=30

It concerns creation of new user accounts when open registration is disabled.

Is it possible to do this, as far as I tried not - to create new accounts by sending xml messages as an admin user?

thanks!

guido

I too am interested in this.

I planned to do this by logging the admin user into the server and then calling connection.getAccountManager().createAccount(jid, password). I haven’‘t tried it out yet, but shouldn’'t that do what you require as well?

Thanks

Doug

Hey all,

If you disable in the server the option for in-band registration the server won’'t process IQ packets with namespace ‘‘jabber:iq:register’’. So neither a user nor an admin will be able to register users in that way.

For now the option is to create users using the web-admin console. We are planning in the future to add support for url=http://www.jabber.org/jeps/jep-0133.htmlJEP-133 Service Administration[/url] whose main purpose is to let administrators perform common service-level tasks such as: Add a User, Delete a User, Manage blacklist/whitelist, etc.

Regards,

– Gato

Is JEP-133 on the roadmap? I’'m also interested in this and was curious what priority it has been given, if any.

Thanks

For the time until jep-133 is working I wrote a class that emulates the steps from the admin console with a http client library. Make the adjustments for your environement and may disable the logger then it should work

Guido

see:


public class RemoteAccountCreationOverHTTP {

private static Logger log = Util.getLogger(RemoteAccountCreationImplOverHTTP.class);

private static final int LOGON_PORT = 9090;

//private final String LOGON_SITE;

//private final String ADMIN_USERNAME;

//private final String ADMIN_PASSWORD;

private final String LOGON_SITE = “idmels3test”;

private final String ADMIN_USERNAME = “admin”;

private final String ADMIN_PASSWORD = “admin”;

/*public RemoteAccountCreationImplOverHTTP(){

LOGON_SITE = InstantMessagingModule.getServername();

ADMIN_USERNAME = InstantMessagingModule.getAdminUsername();

ADMIN_PASSWORD = InstantMessagingModule.getAdminPassword();

}*/

/**

  • Does a remote account creation at jive messenger over http and the admin console

  • returns true if account on jive messenger is successfully created

  • @see org.olat.instantMessaging.RemoteAccountCreation#createAccount(java.lang.String, java.lang.String, java.lang.String, java.lang.String)

*/

public boolean createAccount(String username, String password, String name, String email){

boolean accountCreated = false;

String resposeBody;

HttpClient client = new HttpClient();

client.getHostConfiguration().setHost(LOGON_SITE, LOGON_PORT, “http”);

client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);

// ‘‘developer.java.sun.com’’ has cookie compliance problems

// Their session cookie’'s domain attribute is in violation of the RFC2109

// We have to resort to using compatibility cookie policy

GetMethod authget = new GetMethod("/login.jsp");

try {

client.executeMethod(authget);

} catch (HttpException e) {

log.error(“Error while calling remote site for account creation”+e.getMessage());

} catch (IOException e) {

log.error(“Error while calling remote site for account creation”+e.getMessage());

}

//System.out.println("Login form get: " + authget.getStatusLine().toString());

// release any connection resources used by the method

authget.releaseConnection();

// See if we got any cookies

/*CookieSpec cookiespec = CookiePolicy.getDefaultSpec();

Cookie[] initcookies = cookiespec.match(

LOGON_SITE, LOGON_PORT, “/”, false, client.getState().getCookies());

System.out.println(“Initial set of cookies:”);

if (initcookies.length == 0) {

System.out.println(“None”);

} else {

for (int i = 0; i < initcookies.length; i++) {

System.out.println("- " + initcookies+.toString());

}

}*/

// login to the admin console

PostMethod authpost = new PostMethod("/login.jsp");

NameValuePair formElementlogin = new NameValuePair(“login”, “true”);

NameValuePair formElementuserid = new NameValuePair(“username”, ADMIN_USERNAME);

NameValuePair formElementpassword = new NameValuePair(“password”, ADMIN_PASSWORD);

authpost.setRequestBody(

new NameValuePair[] {formElementlogin, formElementuserid, formElementpassword});

try {

client.executeMethod(authpost);

} catch (HttpException ex) {

log.error(“Error while calling remote site for account creation”+ex.getMessage());

} catch (IOException ex) {

log.error(“Error while calling remote site for account creation”+ex.getMessage());

}

//System.out.println("Login form post: " + authpost.getStatusLine().toString());

// release any connection resources used by the method

authpost.releaseConnection();

// See if we got any cookies

// The only way of telling whether logon succeeded is

// by finding a session cookie

/*Cookie[] logoncookies = cookiespec.match(

LOGON_SITE, LOGON_PORT, “/”, false, client.getState().getCookies());

System.out.println(“Logon cookies:”);

if (logoncookies.length == 0) {

System.out.println(“None”);

} else {

for (int i = 0; i < logoncookies.length; i++) {

System.out.println("- " + logoncookies+.toString());

}

}*/

// Usually a successful form-based login results in a redicrect to

// another url

int statuscode = authpost.getStatusCode();

if ((statuscode == HttpStatus.SC_MOVED_TEMPORARILY) ||

(statuscode == HttpStatus.SC_MOVED_PERMANENTLY) ||

(statuscode == HttpStatus.SC_SEE_OTHER) ||

(statuscode == HttpStatus.SC_TEMPORARY_REDIRECT)) {

Header header = authpost.getResponseHeader(“location”);

if (header != null) {

String newuri = header.getValue();

if ((newuri == null) || (newuri.equals(""))) {

newuri = “/”;

}

//System.out.println("Redirect target: " + newuri);

GetMethod redirect = new GetMethod(newuri);

try {

client.executeMethod(redirect);

} catch (HttpException e2) {

log.error(“Error while calling remote site for account creation”+e2.getMessage());

} catch (IOException e2) {

log.error(“Error while calling remote site for account creation”+e2.getMessage());

}

//System.out.println("Redirect: " + redirect.getStatusLine().toString());

// release any connection resources used by the method

redirect.releaseConnection();

} else {

log.error(“Error while calling remote site for account creation. Invalid Redirect”);

}

}

//*************************************************************

// create the new user

PostMethod creatUser = new PostMethod("/user-create.jsp");

// Prepare login parameters

NameValuePair action2 = new NameValuePair(“action”, “f”);

NameValuePair url2 = new NameValuePair(“url”, “/user-create.jsp”);

NameValuePair userid2 = new NameValuePair(“username”, username);

NameValuePair formElementName = new NameValuePair(“name”, name);

NameValuePair formElementEmail = new NameValuePair(“email”, email);

NameValuePair password2 = new NameValuePair(“password”, password);

NameValuePair passwordconf = new NameValuePair(“passwordConfirm”, username);

NameValuePair create = new NameValuePair(“create”, “Create User”);

creatUser.setRequestBody(

new NameValuePair[] {action2, url2, userid2, formElementName, formElementEmail, password2, passwordconf, create});

try {

client.executeMethod(creatUser);

} catch (HttpException e1) {

// TODO Auto-generated catch block

e1.printStackTrace();

} catch (IOException e1) {

// TODO Auto-generated catch block

e1.printStackTrace();

}

//if the user already exists we parse the response body

resposeBody = creatUser.getResponseBodyAsString();

// release any connection resources used by the method

creatUser.releaseConnection();

int statuscode2 = creatUser.getStatusCode();

if ((statuscode2 == HttpStatus.SC_MOVED_TEMPORARILY) ||

(statuscode2 == HttpStatus.SC_MOVED_PERMANENTLY) ||

(statuscode2 == HttpStatus.SC_SEE_OTHER) ||

(statuscode2 == HttpStatus.SC_TEMPORARY_REDIRECT)) {

Header header = creatUser.getResponseHeader(“location”);

if (header != null) {

String newuri = header.getValue();

if ((newuri == null) || (newuri.equals(""))) {

newuri = “/”;

}

//if successfull we get a url that end like this

if(newuri.endsWith(“success=true&username=”+username))

accountCreated = true;

//System.out.println("Redirect target: " + newuri);

GetMethod redirect = new GetMethod(newuri);

try {

client.executeMethod(redirect);

} catch (HttpException e2) {

log.error(“Error while calling remote site for account creation.”+e2.getMessage());

} catch (IOException e2) {

log.error(“Error while calling remote site for account creation.”+e2.getMessage());

}

//System.out.println("Redirect: " + redirect.getStatusLine().toString());

//redirect.getResponseBodyAsString();

// release any connection resources used by the method

redirect.releaseConnection();

} else {

log.error(“Error while calling remote site for account creation. Invalid Redirect”);

}

}

if(!accountCreated){

//if username exists it’'s ok as well

//accountCreated = resposeBody.matches(“exists”);

if(resposeBody.indexOf(“Username already exists”) > 0)

accountCreated = true;

}

return accountCreated;

}

/**

  • class testing

  • @param args

*/

public static void main(String[] args) {

RemoteAccountCreationImplOverHTTP remoteAccount = new RemoteAccountCreationImplOverHTTP();

System.out.println("Result: "+remoteAccount.createAccount(“test”, “test”, “test”, “test”));

}

}