Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
biboumi
biboumi
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 98
    • Issues 98
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 12
    • Merge Requests 12
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • louiz’
  • biboumibiboumi
  • Issues
  • #3446

Closed
Open
Opened Oct 14, 2020 by ge0rg@ge0rg

biboumi sends incorrect presence error when joining a password-protected room

This is related to #3445 (closed)

The client sent a presence to a room, from a full JID, and with an id attribute:

<presence to='#someplace@euirc.yax.im/Ge0rG' id='ZmcVR-14197'>
  <status/><priority>-10</priority>
  <c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='https://yaxim.org/' ver='PNyKvAFdHcM4HyMVijywvPee9+o='/>
</presence>

Biboumi sends the error response to the bare JID, omitting the stanza ID:

XMPP SENDING: <presence from='#someplace@euirc.yax.im/Ge0rG' to='georg@yax.im' type='error'>
  <error by='#someplace@euirc.yax.im' type='auth'>
    <text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Cannot join channel (+k)</text>
    <not-authorized xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  </error><x xmlns='http://jabber.org/protocol/muc'/>
</presence>

Omission of the ID violates RFC 6120 §8.1.3:

If the generated stanza includes an 'id' attribute then it is REQUIRED for the response or error stanza to also include an 'id' attribute, where the value of the 'id' attribute MUST match that of the generated stanza.

Changing the JID from full to bare is against a "SHOULD" in §8.3.1, and it also leads to significant confusion as the presence error will be delivered to all resources instead of the one that originated the initial presence.

Please keep track of the individual ongoing joins, including their full JID and the original id, and use those when sending an error back.

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: louiz/biboumi#3446