Currently, Openfire silently trims the values that are provided by a client in jabber:iq:auth forms. This leads to unexpected results, as those values are most likely to be re-used by the clients in JIDs.
Spaces aren't allowed in JID nodes, for example. By trimming the username element text value in the jabber:iq:auth form, Openfire causes a lot of confusion.
Instead, Openfire should not modify the values provided by the clients. If invalid authentication data is provided, XEP-0078 suggests that a not-authorized error is returned.
Applied fix that was tested locally.
IQAuthHandler will now:
parse data as it is provided by the client. Data won't be trimmed any longer, although some toLowerCase() calls remain;
return not-authorized if invalid data was provided during authentication.