As a security precaution, we have turned on the setting "Require API key authentication for API requests" for everyone. If this has broken something, please contact
Last Comment Bug 806228 - Fix login to XMPP servers that implement XMPP v1.0, don't support SASL, but advertise iq-auth support (eg. fastmail)
: Fix login to XMPP servers that implement XMPP v1.0, don't support SASL, but a...
Product: Thunderbird
Classification: Client Software
Component: Instant Messaging (show other bugs)
: 17 Branch
: All All
: -- normal (vote)
: Thunderbird 19.0
Assigned To: Florian Quèze [:florian] [:flo]
: 789868 (view as bug list)
Depends on:
Blocks: 789745
  Show dependency treegraph
Reported: 2012-10-28 13:05 PDT by Alexei Colin
Modified: 2012-12-06 09:31 PST (History)
5 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---

thunderbird-im-xmpp-no-sasl.log (2.13 KB, text/plain)
2012-10-28 13:05 PDT, Alexei Colin
no flags Details
WIP (3.84 KB, patch)
2012-10-29 17:44 PDT, Florian Quèze [:florian] [:flo]
no flags Details | Diff | Splinter Review
Patch v2 (5.09 KB, patch)
2012-11-01 15:47 PDT, Florian Quèze [:florian] [:flo]
no flags Details | Diff | Splinter Review
Patch v2 (5.91 KB, patch)
2012-11-01 15:50 PDT, Florian Quèze [:florian] [:flo]
clokep: review+
standard8: approval‑comm‑aurora+
standard8: approval‑comm‑beta+
Details | Diff | Splinter Review

Description User image Alexei Colin 2012-10-28 13:05:00 PDT
Created attachment 675977 [details]

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:16.0) Gecko/20100101 Firefox/16.0
Build ID: 20121010231231

Steps to reproduce:

This is a fork of Bug 789745. The following case seems to not be covered by the detection mechanism implemented as a fix to that bug.

1. Created an XMPP account with (a server without SASL support).
2. Attempted to connect.

Server details:

Actual results:

The connection failed with "No authentication mechanism offered by the server".
The debug log is attached.

Expected results:

Thunderbird IM should have detected that this server does not support SASL and fallen back to legacy authentication.
Comment 1 User image Florian Quèze [:florian] [:flo] 2012-10-29 17:44:18 PDT
Created attachment 676416 [details] [diff] [review]

This should be all we need to change to fix this. I haven't tested this at all, so not requesting review yet. Feedback welcome of course :).

The relevant specs are:
"If the receiving entity is capable of SASL negotiation, it MUST advertise one or more authentication mechanisms within a <mechanisms/> element qualified by the 'urn:ietf:params:xml:ns:xmpp-sasl' namespace in reply to the opening stream tag received from the initiating entity (if the opening stream tag included the 'version' attribute set to a value of at least "1.0")."

"It may be desirable for a server to advertise support for non-SASL authentication as a stream feature. The namespace for reporting support within <stream:features/> is "". Upon receiving a stream header qualified by the 'jabber:client' namespace, a server that returns stream features SHOULD also announce support for non-SASL authentication by including the relevant stream feature."
Comment 2 User image Florian Quèze [:florian] [:flo] 2012-11-01 15:47:59 PDT
Created attachment 677591 [details] [diff] [review]
Patch v2

This was tested by aleth. And I also added a comment to clarify some code that made us frown when looking at it.
Comment 3 User image Florian Quèze [:florian] [:flo] 2012-11-01 15:50:21 PDT
Created attachment 677593 [details] [diff] [review]
Patch v2

Same patch, with the additional comment added for real this time.
Comment 4 User image Patrick Cloke [:clokep] 2012-11-01 15:51:54 PDT
Comment on attachment 677593 [details] [diff] [review]
Patch v2

Thanks for fixing this Florian. Looks good to me!
Comment 5 User image Florian Quèze [:florian] [:flo] 2012-11-01 15:59:05 PDT
Comment on attachment 677593 [details] [diff] [review]
Patch v2

[Approval Request Comment]
Regression caused by (bug #): Not really a regression, but this patch fixes an edge case that wasn't handled by the patch in bug 789745 that added support of non-SASL authentication to Thunderbird 17.
User impact if declined: impossible to login to some XMPP server, for example the fastmail server.
Testing completed (on c-c, etc.): I had someone with a fastmail account test the patch locally and confirm he can login with this patch applied.
Risk to taking this patch (and alternatives if risky): low, the patch is relatively straight forward.
Comment 7 User image Mike Conley (:mconley) - PTO on Jan 20th 2012-11-02 11:17:45 PDT
Comment 8 User image Florian Quèze [:florian] [:flo] 2012-12-06 09:31:24 PST
*** Bug 789868 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.