Upgrade JID class to RFC 7622 / Allow German letters in resource parts
Assignee: Unassigned
Reporter: csh
Priority: Major
Activity
Guus der Kinderen, February 23, 2022 at 7:52 PM
I’ve had an initial go at this, by looking at how many of the ~250.000 usernames that we have (that pass nodeprep) would fail PRECIS’s verification. No duplicates seemed to occur, but a very small number of values (less than 70) got rejected. Our sizeable sample probably leans towards western-based locales.
While discussing PRECIS in the XSF, I found that barely anyone actually uses PRECIS, and that its adoption comes at significant cost (particularly around s2s interop). See https://logs.xmpp.org/xsf/2022-02-22?p=h for the chat log. Given all of that, I’m a lot less inclined to move to PRECIS in the near future. I wonder if the benefits outweigh the costs.
csh, June 24, 2019 at 7:41 AM
I am wondering about the stacktrace, too. I assume it was a client encoding issue then.
Guus der Kinderen, June 21, 2019 at 7:33 AM
Ah, thanks for this. I thought I was losing my sanity.
Although this might be an entirely different issue: what caused your original stack trace? As far as I know, all paths (in Openfire/Tinder) that lead to resourceprep use UTF-8, not another encoding.
csh, June 20, 2019 at 6:47 PM
You are right. I made a wrong assumption just from reading the stacktrace, but it was probably some other encoding issue, like this:
String s = new String("Büro".getBytes(StandardCharsets.ISO_8859_1), StandardCharsets.UTF_8);
JID.resourceprep(s);
(which fails).
I'll give another example:
'OGHAM SPACE MARK' (U+1680) is allowed in PRECIS (mapped to normal space 0020), but is disallowed by the current implementation (tested with Tinder 1.3.0):
JID.resourceprep("should\u1680not throw");
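The two failing inputs from the comment above can be checked against the Resourceprep prohibited-output tables directly. This is an added example, not code from Tinder or from the thread: it uses Python's standard `stringprep` tables rather than the libidn classes seen in the stack trace, covers only the mapping, NFKC and prohibited-output steps (bidi and unassigned-code-point checks are left out), and all function names are hypothetical.

```python
import stringprep
import unicodedata

# Prohibited-output tables of the Resourceprep profile (RFC 6122, Appendix B).
PROHIBITED = [
    ("C.1.2", stringprep.in_table_c12),  # non-ASCII space characters
    ("C.2.1", stringprep.in_table_c21),  # ASCII control characters
    ("C.2.2", stringprep.in_table_c22),  # non-ASCII control characters
    ("C.3", stringprep.in_table_c3),     # private use
    ("C.4", stringprep.in_table_c4),     # non-character code points
    ("C.5", stringprep.in_table_c5),     # surrogate codes
    ("C.6", stringprep.in_table_c6),     # inappropriate for plain text
    ("C.7", stringprep.in_table_c7),     # inappropriate for canonical representation
    ("C.8", stringprep.in_table_c8),     # change display properties / deprecated
    ("C.9", stringprep.in_table_c9),     # tagging characters
]


def resourceprep_violations(resource):
    """List (code point, table) for every character Resourceprep prohibits."""
    # Step 1: drop characters "mapped to nothing" (table B.1); step 2: NFKC.
    mapped = "".join(ch for ch in resource if not stringprep.in_table_b1(ch))
    normalized = unicodedata.ucd_3_2_0.normalize("NFKC", mapped)
    return [
        ("U+%04X" % ord(ch), table)
        for ch in normalized
        for table, in_table in PROHIBITED
        if in_table(ch)
    ]


def misdecode_latin1_as_utf8(text):
    """Reproduce the comment's Java snippet: ISO-8859-1 bytes read as UTF-8."""
    return text.encode("iso-8859-1").decode("utf-8", errors="replace")


def opaque_string_space_map(resource):
    """PRECIS OpaqueString mapping step only: non-ASCII spaces (Zs) become U+0020."""
    return "".join(
        " " if unicodedata.category(ch) == "Zs" else ch for ch in resource
    )


if __name__ == "__main__":
    buero = "B\u00fcro"  # constructed sample: "Büro"
    for sample in (buero, misdecode_latin1_as_utf8(buero), "should\u1680not throw"):
        print(ascii(sample), resourceprep_violations(sample))
    print(ascii(opaque_string_space_map("should\u1680not throw")))
```

A correctly decoded "Büro" has no prohibited code points; the mis-decoded form carries U+FFFD, which table C.6 rejects, and U+1680 is rejected by table C.1.2.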
Guus der Kinderen, June 20, 2019 at 8:10 AM
Note that once applied, persisted data (in the Openfire database) needs to be scrubbed. See https://tools.ietf.org/html/rfc7613#section-6
Description
German "Umlauts" like ü, ö, ä, ... are currently disallowed by the JID class, leading to the following error, which prevents users from logging in to Openfire with resources containing German umlauts, e.g. "Büro" (== "office").
Resource parts in JIDs follow the rule:
The FreeFormClass is specified here and allows "LetterDigits" which include the Unicode category "Ll - Lowercase_Letter".
"ü", "ä", "ö", etc. are in this Unicode category and therefore should be allowed in resource parts.
The JID class should be upgraded to RFC 7622 because it uses the old RFC 6122 and the obsolete Stringprep spec, which has been superseded by PRECIS.
(This issue can probably be moved to the Tinder project, but I have no rights to do so).
2015.12.06 15:16:14 org.jivesoftware.openfire.handler.IQHandler - Interner Serverfehler
java.lang.IllegalArgumentException: The input is not a valid JID resource: B?ro
    at org.xmpp.packet.JID.resourceprep(JID.java:421)
    at org.jivesoftware.openfire.handler.IQBindHandler.handleIQ(IQBindHandler.java:94)
    at org.jivesoftware.openfire.handler.IQHandler.process(IQHandler.java:65)
    at org.jivesoftware.openfire.IQRouter.handle(IQRouter.java:380)
    at org.jivesoftware.openfire.IQRouter.route(IQRouter.java:123)
    at org.jivesoftware.openfire.spi.PacketRouterImpl.route(PacketRouterImpl.java:76)
    at org.jivesoftware.openfire.net.StanzaHandler.processIQ(StanzaHandler.java:330)
    at org.jivesoftware.openfire.net.ClientStanzaHandler.processIQ(ClientStanzaHandler.java:93)
    at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:295)
    at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:187)
    at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandler.java:177)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
    at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
    at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:407)
    at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:236)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
    at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
    at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTask(OrderedThreadPoolExecutor.java:769)
    at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTasks(OrderedThreadPoolExecutor.java:761)
    at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.run(OrderedThreadPoolExecutor.java:703)
    at java.lang.Thread.run(Thread.java:745)
Caused by: gnu.inet.encoding.StringprepException: Contains prohibited code points.
    at gnu.inet.encoding.Stringprep.resourceprep(Stringprep.java:276)
    at gnu.inet.encoding.Stringprep.resourceprep(Stringprep.java:232)
    at org.xmpp.packet.JID.resourceprep(JID.java:407)
    ... 29 more