Project

General

Profile

JID escaping?

Martin N
Added over 4 years ago

Hi,

I am trying to upgrade from Tigase 5.0.x to Tigase 5.2.0.

We are very pleased with how Tigase 5.0.x works but we thought it was time to upgrade.

I am having problem with Authentication and the @ sign in the JID. Otherwise it works better.

As an example with domain test@com and email as username joe@email.

That would be joe@email@test.com and from my understanding and http://www.xmpp.org/extensions/xep-0106.html it should be escaped.

So I send joe'\40'email@test.com. But Tigase does not seem to like this?

In my example Tigase fails at JabberIqAuth:

BareJID user_id = BareJID.bareJIDInstance(user_name, session.getDomain().getVhost().getDomain());

Should it work? Any other suggestion?

Can I bypass this?


Replies (7)

Avatar?id=6023&size=32x32

Added by Artur Hefczyc TigaseTeam over 4 years ago

There were many changes in the authentication code between 5.0 and 5.2 so it is likely it affects you. We are looking into this and someone from our team will respond shortly. By the way, if you are upgrading, I suggest to use either 5.2.1 or 5.2.2 version with the most recent fixes.

Avatar?id=6098&size=32x32

Added by Bartosz Malkowski TigaseTeam over 4 years ago

There is no JID in non-SASL auth

<iq type='set' id='auth2'>
  <query xmlns='jabber:iq:auth'>
    <username>bill</username>
    <password>Calli0pe</password>
    <resource>globe</resource>
  </query>
</iq>
Avatar?id=6023&size=32x32

Added by Artur Hefczyc TigaseTeam over 4 years ago

Martin, could you please send us exact data you send to the server for user authentication? I mean the authentication stanza which is rejected by the server.

Added by Martin N over 4 years ago

Ok. I will have a look and see.

But I debugged this and it failes in JabberIqAuth

(Line 266 in the git master branch).

BareJID user_id = BareJID.bareJIDInstance(user_name, session.getDomain()
                            .getVhost().getDomain());

Here you have a user_name (joe\40email) and domain (email@test.com ) that will be a BareJid but first id does some check with stringprep?.

Everything works fine if I send a "normal username" without @@. Do you support @@ in username?

Added by Martin N over 4 years ago

Martin N wrote:

Ok. I will have a look and see.

But I debugged this and it failes in JabberIqAuth

(Line 266 in the git master branch).

BareJID user_id = BareJID.bareJIDInstance(user_name, session.getDomain()

                      .getVhost().getDomain());

Here you have a user_name (joe\40email) and domain (email@test.com ) that will be a BareJid but first id does some check with stringprep?.

Everything works fine if I send a "normal username" without '@'. Do you support '@' in username?

More info:

works:

<iq type="set" id="auth2" xmlns="jabber:client"><query xmlns="jabber:iq:auth"><username>aUser</username><resource>aresource</resource><password>secret</password></query></iq>

Does not work. (username.contains('\40') == true)

<iq type="set" id="auth2" xmlns="jabber:client"><query xmlns="jabber:iq:auth"><username>aUser2 test.se</username><resource>aresource</resource><password>secret</password></query></iq>
tigase.util.TigaseStringprepException: Illegal characters in string, localpart = martin.n2 test.se

Can also confirm that it works with --stringprep-processor=empty.

I think the problem is the regular expression in XMPPStringPrepSimple.

Avatar?id=6023&size=32x32

Added by Artur Hefczyc TigaseTeam over 4 years ago

Apparently, the default stringprep processor does not allow for '@' character in username portion of the JID. You may use the 'empty' stringprep processor as you indicated above or the most sophisticated and comprehensive 'libidn' stringprep processor. The last one listed is the proper and real stringprep processor which conforms to the full XMPP specification and XMPP JID format. However, it requires a considerable resources and the processing is extensive.

If using '@' is allowed then 'libidn' stringprep should pass it OK.

Just a note, we have not run any tests to ensure that any other part of Tigase do not have problems with '@' character in username. So you are doing this at your own risk. On the other hand, if you used it successful and without problems in version 5.0 I do not think it would cause any problems in current version.

Added by Martin N over 4 years ago

Ok. Yes I think this is solved now.

Thanks so much for the support.

    (1-7/7)