biboumi sends incorrect presence error when joining a password-protected room (#3446) · Issues · louiz’ / biboumi

biboumi sends incorrect presence error when joining a password-protected room

This is related to #3445

The client sent a presence to a room, from a full JID, and with an id attribute:

<presence to='#someplace@euirc.yax.im/Ge0rG' id='ZmcVR-14197'>
  <status/><priority>-10</priority>
  <c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='https://yaxim.org/' ver='PNyKvAFdHcM4HyMVijywvPee9+o='/>
</presence>

Biboumi sends the error response to the bare JID, omitting the stanza ID:

XMPP SENDING: <presence from='#someplace@euirc.yax.im/Ge0rG' to='georg@yax.im' type='error'>
  <error by='#someplace@euirc.yax.im' type='auth'>
    <text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Cannot join channel (+k)</text>
    <not-authorized xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  </error><x xmlns='http://jabber.org/protocol/muc'/>
</presence>

Omission of the ID violates RFC 6120 §8.1.3:

If the generated stanza includes an 'id' attribute then it is REQUIRED for the response or error stanza to also include an 'id' attribute, where the value of the 'id' attribute MUST match that of the generated stanza.

Changing the JID from full to bare is against a "SHOULD" in §8.3.1, and it also leads to significant confusion as the presence error will be delivered to all resources instead of the one that originated the initial presence.

Please keep track of the individual ongoing joins, including their full JID and the original id, and use those when sending an error back.

This is related to #3445

The client sent a presence to a room, from a full JID, and with an `id` attribute:

```xml
<presence to='#someplace@euirc.yax.im/Ge0rG' id='ZmcVR-14197'>
  <status/><priority>-10</priority>
  <c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='https://yaxim.org/' ver='PNyKvAFdHcM4HyMVijywvPee9+o='/>
</presence>
```

Biboumi sends the error response to the **bare** JID, **omitting** the stanza ID:

```xml
XMPP SENDING: <presence from='#someplace@euirc.yax.im/Ge0rG' to='georg@yax.im' type='error'>
  <error by='#someplace@euirc.yax.im' type='auth'>
    <text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Cannot join channel (+k)</text>
    <not-authorized xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  </error><x xmlns='http://jabber.org/protocol/muc'/>
</presence>
```

Omission of the ID violates [RFC 6120 §8.1.3](https://xmpp.org/rfcs/rfc6120.html#stanzas-attributes-id):

> If the generated stanza includes an 'id' attribute then it is REQUIRED for the response or error stanza to also include an 'id' attribute, where the value of the 'id' attribute MUST match that of the generated stanza.

Changing the JID from full to bare is against a "SHOULD" in [§8.3.1](https://xmpp.org/rfcs/rfc6120.html#stanzas-error-rules), and it also leads to significant confusion as the presence error will be delivered to **all** resources instead of the one that originated the initial presence.

Please keep track of the individual ongoing joins, including their full JID and the original `id`, and use those when sending an error back.

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.