Pubsub node unsubscription permission model failing

Description

When unsubscribing from a Pubsub node, it appears that Openfire suffers from issues while determining if the entity performing the unsubscribe is permitted to do so:

  • There's a check that will always return true (allowing everyone to successfully issue unsubscribe requests for other users)

  • The node owner check is performed by comparing requestee and owner, but fails to properly normalize the JIDs involved to their bare representation (which causes this check to fail, when it should actually not fail).

Environment

None

Activity

Show:
Fixed

Details

Assignee

Reporter

Components

Fix versions

Priority

Created October 26, 2019 at 6:46 PM
Updated October 31, 2019 at 9:13 AM
Resolved October 31, 2019 at 9:13 AM

Flag notifications