biboumi sends incorrect presence error when joining a password-protected room
This is related to #3445 (closed)
The client sent a presence to a room, from a full JID, and with an id
attribute:
<presence to='#someplace@euirc.yax.im/Ge0rG' id='ZmcVR-14197'>
<status/><priority>-10</priority>
<c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='https://yaxim.org/' ver='PNyKvAFdHcM4HyMVijywvPee9+o='/>
</presence>
Biboumi sends the error response to the bare JID, omitting the stanza ID:
XMPP SENDING: <presence from='#someplace@euirc.yax.im/Ge0rG' to='georg@yax.im' type='error'>
<error by='#someplace@euirc.yax.im' type='auth'>
<text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Cannot join channel (+k)</text>
<not-authorized xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
</error><x xmlns='http://jabber.org/protocol/muc'/>
</presence>
Omission of the ID violates RFC 6120 §8.1.3:
If the generated stanza includes an 'id' attribute then it is REQUIRED for the response or error stanza to also include an 'id' attribute, where the value of the 'id' attribute MUST match that of the generated stanza.
Changing the JID from full to bare is against a "SHOULD" in §8.3.1, and it also leads to significant confusion as the presence error will be delivered to all resources instead of the one that originated the initial presence.
Please keep track of the individual ongoing joins, including their full JID and the original id
, and use those when sending an error back.