search

metajack / strophejs

The Strophe.js repository has moved to https://github.com/strophe/strophejs
http://strophe.im/strophejs
MIT License
811 stars 160 forks source link

jabber:iq:auth not working - fix #100

Open DavidusEdwardus opened 11 years ago

DavidusEdwardus commented 11 years ago

When writing my own XMPP service using DJabbberd , I found i could log in using BOSH and Pidgin, but not strophejs. jabber:iq:auth is deprecated, but when testing, I had SASL disabled.

At what point a server advertises the iq-auth stream feature is up to the implementation or deployment, and in my case, this is as per Example 9 Xep-0078. The code looks for the mechanism tag, and if not found, loops infinitely in the case this is never offered.

My fix may not be relevant or suitable, but here it is for completeness or if anyone else is curious

From 2958 on

    var do_sasl_anonymous = false;
    var do_iq_auth = false;

    var mechanisms = bodyWrap.getElementsByTagName("mechanism");
    var authns = bodyWrap.getElementsByTagName("auth");
    if(authns.length > 0);
    {
        var authvar = authns[0];
        if(authvar.namespaceURI === 'http://jabber.org/features/iq-auth')
        {
            do_iq_auth = true;
        }
    }

    var i, mech, auth_str, hashed_auth_str;
    if (mechanisms.length > 0) {
        for (i = 0; i < mechanisms.length; i++) {
            mech = Strophe.getText(mechanisms[i]);
            if (mech == 'DIGEST-MD5') {
                do_sasl_digest_md5 = true;
            } else if (mech == 'PLAIN') {
                do_sasl_plain = true;
            } else if (mech == 'ANONYMOUS') {
                do_sasl_anonymous = true;
            }
        }
    } else {
        // we didn't get stream:features yet, so we need wait for it
        // by sending a blank poll request
        if(do_iq_auth === false)
        {
            Strophe.debug("No stream, poll");
            var body = this._buildBody();               
            this._requests.push(
                new Strophe.Request(body.tree(),
                                    this._onRequestStateChange.bind(
                                        this, this._connect_cb.bind(this)),
                                    body.tree().getAttribute("rid")));
            this._throttledRequestHandler();
            return;
        }
metajack commented 11 years ago

I don't mind adding in jabber:iq:auth as long as it's advertised as a a feature in stream:features and can be detected.

Note that it's not part of XMPP 1.0 at all.

metajack commented 11 years ago

Oh I've misunderstood your patch. This causes it to keep looping waiting for stream:features?

DavidusEdwardus commented 11 years ago

Indeed, its looking for the mechanism tag, and its ostensible (and in my testing with the SASL module disabled :P ) , that the tag will not be offered. In that case, its an infinite loop.

Of course as you say, its not part of the spec, and its also deprecated, but for completeness, that was it.