Non-Sasl authentication shouldn't allow for spaces post- or prepending the provided form data.
Description
Currently, Openfire silently trims the values that are provided by a client in jabber:iq:auth forms. This leads to unexpected results, as those values are most likely to be re-used by the clients in JIDs.
Spaces aren't allowed in JID nodes, for example. By trimming the username element text value in the jabber:iq:auth form, Openfire causes a lot of confusion.
Instead, Openfire should not modify the values provided by the clients. If invalid authentication data is provided, XEP-0078 suggests that a not-authorized error is returned.
Environment
None
Activity
Guus der Kinderen
October 16, 2008 at 3:53 PM
Applied fix that was tested locally.
IQAuthHandler will now:
parse data as it is provided by the client. Data won't be trimmed any longer, although some toLowerCase() calls remain;
return not-authorized if invalid data was provided during authentication.
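The behaviour described in this issue, as an added example (not Openfire's IQAuthHandler code): a minimal handler that reads the jabber:iq:auth fields either trimmed or verbatim and answers not-authorized when the username cannot be used unchanged as a JID node. The function names, the in-memory USERS store, the plaintext-only password check and the sample stanzas are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

AUTH_NS = "jabber:iq:auth"
STANZA_NS = "urn:ietf:params:xml:ns:xmpp-stanzas"
# Characters Nodeprep (RFC 3920, Appendix A) prohibits in a JID node.
FORBIDDEN = set("\"&'/:<>@")
USERS = {"alice": "s3cret"}  # constructed credential store (assumption)


def valid_node(node):
    """True if the string can be used unchanged as a JID node."""
    return (0 < len(node.encode("utf-8")) <= 1023
            and not any(c.isspace() or c in FORBIDDEN for c in node))


def handle_auth(stanza, trim=False):
    """Answer a jabber:iq:auth 'set'; trim=True reproduces the old trimming."""
    iq = ET.fromstring(stanza)
    query = iq.find(f"{{{AUTH_NS}}}query")
    if query is None:
        query = ET.Element("query")  # no form at all: every field is empty
    fields = {}
    for name in ("username", "password"):
        text = query.findtext(f"{{{AUTH_NS}}}{name}") or ""
        fields[name] = text.strip() if trim else text  # verbatim unless trim
    reply = ET.Element("iq", {"id": iq.get("id", ""), "type": "result"})
    # Lower-casing for the lookup mirrors the remaining toLowerCase() calls.
    ok = (valid_node(fields["username"])
          and USERS.get(fields["username"].lower()) == fields["password"])
    if not ok:
        reply.set("type", "error")
        err = ET.SubElement(reply, "error", {"code": "401", "type": "auth"})
        ET.SubElement(err, f"{{{STANZA_NS}}}not-authorized")
    return reply


def auth_request(username):
    """Build a constructed client request carrying the given username text."""
    iq = ET.Element("iq", {"id": "auth1", "type": "set"})
    q = ET.SubElement(iq, f"{{{AUTH_NS}}}query")
    for name, value in (("username", username), ("password", "s3cret"),
                        ("resource", "laptop")):
        ET.SubElement(q, f"{{{AUTH_NS}}}{name}").text = value
    return ET.tostring(iq, encoding="unicode")


if __name__ == "__main__":
    for user, trim in ((" alice ", True), (" alice ", False), ("alice", False)):
        print(repr(user), trim, handle_auth(auth_request(user), trim).get("type"))
```

With trim=True the padded username authenticates even though the client would go on to build a JID from the untrimmed text; with the default the same request is rejected before any credential lookup.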