Non-Sasl authentication shouldn't allow for spaces post- or prepending the provided form data.


Currently, Openfire silently trims the values that are provided by a client in jabber:iq:auth forms. This leads to unexpected results, as those values are most likely to be re-used by the clients in JIDs.

Spaces aren't allowed in JID nodes, for example. By trimming the username element text value in the jabber:iq:auth form, Openfire causes a lot of confusion.

Instead, Openfire should not modify the values provided by the clients. If invalid authentication data is provided, XEP-0078 suggests that a not-authorized error is returned.




Guus der Kinderen
October 16, 2008, 3:53 PM

Applied fix that was tested locally.

IQAuthHandler will now:

  • parse data as it is provided by the client. Data won't be trimmed any longer, although some toLowerCase() calls remain;

  • return not-authorized if invalid data was provided during authentication.

Your pinned fields
Click on the next to a field label to start pinning.


Gaston Dombiak


Guus der Kinderen