cburschka / cadence

A strophe.js-powered XMPP web client for chatrooms.

Authentication failure isn't being processed correctly. #429

Closed cburschka closed 7 years ago

cburschka commented 7 years ago

  1. Authentication failures are silent.
  2. The connection isn't terminated correctly, leaving the status icon grey but disabling all options except "Offline" in the status menu.

cburschka commented 7 years ago

Essentially, it seems that the <failure> stanza isn't terminating the connection.

cburschka commented 7 years ago

... which is part of the spec. You can retry authentication in the same connection as often as you want (until the server closes the connection).

So really, the issue is that "connection open, but no auth" looks like "waiting for connection" in the status selector (but not the header bar, which still has the login form until the authentication succeeds).

cburschka commented 7 years ago

And also "ejabberd-auth-php sent me a token, but isn't actually accepting it because of a weird bug" looks like "I'm not logged in", and silently fails.

cburschka commented 7 years ago

Apparently I'm too zealous in preventing redundant connections. When checking whether to allow the /connect command, I shouldn't check Strophe.Connection.connected but rather Strophe.Connection.authenticated.

Reusing an open (but unauthenticated) connection to call connect() again seems safe - there are no lingering side effects from the failed attempts. (Calling it again on an authenticated session is a different story.)
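
Added example, not part of the original thread and not cadence's code: a sketch of the distinction the thread arrives at, deriving three UI states from the `connected` and `authenticated` flags, gating `/connect` on `authenticated`, and making an `AUTHFAIL` visible. The function names are hypothetical, the connection object is a constructed stand-in, and the status names mirror `Strophe.Status` members.

```javascript
// Added example. Function names are hypothetical, not cadence's own code.
// The connection object is a constructed stand-in exposing only the two
// Strophe.Connection flags discussed in the thread.

// Three UI states instead of two, so "open but no auth" is distinguishable.
function sessionState(conn) {
  if (!conn || !conn.connected) return 'offline';
  return conn.authenticated ? 'online' : 'unauthenticated';
}

// Guard for /connect: block only when a session is already authenticated.
function mayConnect(conn) {
  return sessionState(conn) !== 'online';
}

// Body of a status callback; status names mirror Strophe.Status members.
function onStatus(conn, statusName, ui) {
  if (statusName === 'AUTHFAIL') {
    // Surface the failure instead of dropping it silently.
    ui.messages.push('Authentication failed. The connection is still open; you can retry.');
  } else if (statusName === 'CONNFAIL') {
    ui.messages.push('Connection failed.');
  }
  ui.state = sessionState(conn);
  ui.connectEnabled = mayConnect(conn);
  return ui;
}

// Constructed sequence: failed login, retry on the same connection, success.
function demo() {
  const conn = { connected: false, authenticated: false };
  const ui = { state: 'offline', connectEnabled: true, messages: [] };
  const trace = [];
  const steps = [
    ['CONNECTING', {}],
    ['AUTHENTICATING', { connected: true }],
    ['AUTHFAIL', {}],
    ['AUTHENTICATING', {}],
    ['CONNECTED', { authenticated: true }],
  ];
  for (const [name, flags] of steps) {
    Object.assign(conn, flags);
    onStatus(conn, name, ui);
    trace.push(`${name}:${ui.state}:${ui.connectEnabled}`);
  }
  return { trace, messages: ui.messages };
}
```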