Openfire (ARCHIVED)

Non-SASL authentication shouldn't allow for spaces post- or prepending the provided form data.

Details

  • Type: Bug
  • Status: Closed
  • Priority: Major
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: 3.6.1
  • Component/s: None
  • Labels: None
  • Acceptance Test - Add?: No

Description

Currently, Openfire silently trims the values that are provided by a client in jabber:iq:auth forms. This leads to unexpected results, as those values are most likely to be re-used by the clients in JIDs.

Spaces aren't allowed in JID nodes, for example. By trimming the username element text value in the jabber:iq:auth form, Openfire causes a lot of confusion.

Instead, Openfire should not modify the values provided by the clients. If invalid authentication data is provided, XEP-0078 suggests that a not-authorized error is returned.
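
The behaviour change requested above, as an added Java example that is not Openfire's own code. The class and method names, the user store, the sample domain and the whitespace-only validity check are assumptions made for illustration; full JID node validation is defined by nodeprep.

```java
import java.util.Locale;
import java.util.Map;

/** Hypothetical illustration; not Openfire's IQAuthHandler. */
public class IqAuthUsernameCheck {

    // Constructed user store: account name -> password.
    private static final Map<String, String> USERS = Map.of("alice", "s3cret");

    /** Behaviour the issue reports: the username is trimmed silently before lookup. */
    static String legacyAuth(String username, String password) {
        String node = username.trim().toLowerCase(Locale.ROOT);
        return password.equals(USERS.get(node)) ? "result" : "not-authorized";
    }

    /** Requested behaviour: use the value as sent; invalid data yields not-authorized. */
    static String strictAuth(String username, String password) {
        if (username == null || password == null || !isPlausibleNode(username)) {
            return "not-authorized";
        }
        // Case folding remains, trimming does not.
        String node = username.toLowerCase(Locale.ROOT);
        return password.equals(USERS.get(node)) ? "result" : "not-authorized";
    }

    /** Simplified validity check (assumption): non-empty and free of whitespace. */
    static boolean isPlausibleNode(String s) {
        if (s.isEmpty()) {
            return false;
        }
        for (int i = 0; i < s.length(); i++) {
            if (Character.isWhitespace(s.charAt(i))) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        String sent = " alice "; // constructed client input with surrounding spaces
        System.out.println("legacy: " + legacyAuth(sent, "s3cret"));
        System.out.println("strict: " + strictAuth(sent, "s3cret"));
        // The client derives its JID from what it sent, not from the trimmed value.
        System.out.println("client-side JID: '" + sent + "@example.org'");
        System.out.println("strict, clean input: " + strictAuth("alice", "s3cret"));
    }
}
```

With the legacy path the server authenticates the session as `alice` while the client still believes its node is ` alice `, which is the mismatch the issue describes.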

Activity

Guus der Kinderen added a comment -

Applied fix that was tested locally.

IQAuthHandler will now:

  • parse data as it is provided by the client. Data won't be trimmed any longer, although some toLowerCase() calls remain;
  • return not-authorized if invalid data was provided during authentication.