806228 - Fix login to XMPP servers that implement XMPP v1.0, don't support SASL, but advertise iq-auth support (eg. fastmail)

Status: RESOLVED FIXED

(Thunderbird :: Instant Messaging, defect)

Description

[Alexei Colin]

Attachment: thunderbird-im-xmpp-no-sasl.log

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:16.0) Gecko/20100101 Firefox/16.0
Build ID: 20121010231231

Steps to reproduce:

This is a fork of Bug 789745. The following case seems to not be covered by the detection mechanism implemented as a fix to that bug.

1. Created an XMPP account with chat.messagingengine.com:5222 (a server without SASL support).
2. Attempted to connect.

Server details:
[1] http://fastmail.wikia.com/wiki/ChatService
[2] http://blog.fastmail.fm/2012/09/26/one-step-forward-two-steps-back/



Actual results:

The connection failed with "No authentication mechanism offered by the server".
The debug log is attached.


Expected results:

Thunderbird IM should have detected that this server does not support SASL and fallen back to legacy authentication.

Comment 1

[Florian Quèze [:florian]]

Attachment: WIP

This should be all we need to change to fix this. I haven't tested this at all, so not requesting review yet. Feedback welcome of course :).

The relevant specs are:
http://xmpp.org/rfcs/rfc3920.html#sasl
"If the receiving entity is capable of SASL negotiation, it MUST advertise one or more authentication mechanisms within a <mechanisms/> element qualified by the 'urn:ietf:params:xml:ns:xmpp-sasl' namespace in reply to the opening stream tag received from the initiating entity (if the opening stream tag included the 'version' attribute set to a value of at least "1.0")."

and http://xmpp.org/extensions/xep-0078.html#streamfeature
"It may be desirable for a server to advertise support for non-SASL authentication as a stream feature. The namespace for reporting support within <stream:features/> is "http://jabber.org/features/iq-auth". Upon receiving a stream header qualified by the 'jabber:client' namespace, a server that returns stream features SHOULD also announce support for non-SASL authentication by including the relevant stream feature."

Comment 2

[Florian Quèze [:florian]]

Attachment: Patch v2

This was tested by aleth. And I also added a comment to clarify some code that made us frown when looking at it.

Comment 3

[Florian Quèze [:florian]]

Attachment: Patch v2

Same patch, with the additional comment added for real this time.

Comment 4

[Patrick Cloke [:clokep]]

Comment on attachment 677593 [details] [diff] [review]
Patch v2

Thanks for fixing this Florian. Looks good to me!

Comment 5

[Florian Quèze [:florian]]

Comment on attachment 677593 [details] [diff] [review]
Patch v2

[Approval Request Comment]
Regression caused by (bug #): Not really a regression, but this patch fixes an edge case that wasn't handled by the patch in bug 789745 that added support of non-SASL authentication to Thunderbird 17.
User impact if declined: impossible to login to some XMPP server, for example the fastmail server.
Testing completed (on c-c, etc.): I had someone with a fastmail account test the patch locally and confirm he can login with this patch applied.
Risk to taking this patch (and alternatives if risky): low, the patch is relatively straight forward.

Comment 6

[Florian Quèze [:florian]]

https://hg.mozilla.org/comm-central/rev/d94324488af9
http://hg.instantbird.org/instantbird/rev/a7667e752914

Comment 7

[Mike Conley (:mconley) (:⚙️)]

comm-aurora: https://hg.mozilla.org/releases/comm-aurora/rev/170701a3acc0
comm-beta: https://hg.mozilla.org/releases/comm-beta/rev/a18af72a9831