Non-Sasl authentication shouldn't allow for spaces post- or prepending the provided form data.

Description

Currently, Openfire silently trims the values that are provided by a client in jabber:iq:auth forms. This leads to unexpected results, as those values are most likely to be re-used by the clients in JIDs.

Spaces aren't allowed in JID nodes, for example. By trimming the username element text value in the jabber:iq:auth form, Openfire causes a lot of confusion.

Instead, Openfire should not modify the values provided by the clients. If invalid authentication data is provided, XEP-0078 suggests that a not-authorized error is returned.

Environment

None

Acceptance Test - Entry

None

Activity

Show:

Guus der Kinderen

October 16, 2008, 3:53 PM

Copy link to comment

Applied fix that was tested locally.

IQAuthHandler will now:

parse data as it is provided by the client. Data won't be trimmed any longer, although some toLowerCase() calls remain;
return not-authorized if invalid data was provided during authentication.

Assignee

Gaston Dombiak

Reporter

Guus der Kinderen

Labels

None

Expected Effort

None

Ignite Forum URL

None

Fix versions

3.6.1

Priority

Major

Configure