Closed
Bug 896652
Opened 12 years ago
Closed 11 years ago
Special chars (eg umlauts) in password break xmpp login
Categories
(Thunderbird :: Instant Messaging, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
Thunderbird 26.0
People
(Reporter: klemens, Assigned: florian)
Details
Attachments
(1 file, 1 obsolete file)
|
1.16 KB,
patch
|
clokep
:
review+
|
Details | Diff | Splinter Review |
Login to a xmpp account with the correct password fails when the password contains an umlaut (eg. ä).
Instead an error is displayed in the account list: "Fehler: Nicht autorisiert (Wurde ein falsches Passwort eingegeben?)" (English ~ "Error: not authorized. (Have you entered a wrong password?)")
There is no output in the developer console.
The login works with the same account and password using Miranda, Pidgin and Gibberbot. The server is running prosody 8.2.
Could be related to Bug 713295.
|
Assignee | |
Comment 1•12 years ago
|
||
I remember fixing this in a different bug for accentuated characters in Facebook passwords. For these passwords to work on Facebook chat (which is using the same XMPP implementation), I ensured the passwords were treated as UTF8 strings during hashing; and I know Pidgin is broken for connecting to Facebook chat when a password contains accentuated characters.
|
||
Comment 2•12 years ago
|
||
Mic found that bug yesterday on IRC: https://bugzilla.instantbird.org/show_bug.cgi?id=1203, looks like this was in the initial landing of XMPP in Thunderbird:
http://mxr.mozilla.org/comm-central/source/chat/protocols/xmpp/xmpp-authmechs.jsm#36
https://bugzilla.instantbird.org/attachment.cgi?id=1080&action=diff#a/chat/protocols/xmpp/xmpp-authmechs.jsm_sec1
http://hg.mozilla.org/comm-central/rev/8cdfed92867f#l106.73
|
|
Assignee | |
Comment 3•12 years ago
|
||
So in that bug I fixed the encoding for the DIGEST-MD5 auth method. Maybe the server here is using PLAIN (likely if the connection is encrypted)?
A debug log would be helpful to be sure, but I'm afraid a debug log would contain the password :-(.
|
Reporter | |
Comment 4•12 years ago
|
||
The server is actually mine and encryption is enforced using START_TLS. Thus the authentication is always PLAIN.
Because I am not the only user, I would rather not disable the encryption (and then wireshark the traffic). So is there a way to create such a log in Thunderbird?
If this it not possible, I am going to setup a local server instance and create a complete log there.
|
|
||
Comment 5•12 years ago
|
||
Thunderbird unfortunately only dumps to the error console, in about:config (Tools > Options > Advanced > General > "Config editor...") search for "loglevel" and change the purple.loglevel pref. (I don't remember exactly what it's called.)
Now when you connect a lot of stuff should be output into the error console (Tools > Error console) showing the sent/received stanzas. You can copy & paste via the context menu (unfortunately only one at a time...)
|
|
Assignee | |
Comment 6•12 years ago
|
||
(In reply to klemens from comment #4)
> The server is actually mine and encryption is enforced using START_TLS. Thus
> the authentication is always PLAIN.
Ok, if the authentication is PLAIN, I have never tested special characters in passwords and I wouldn't be surprised if something doesn't work.
I wanted the debug log mostly to check if PLAIN was used.
> Because I am not the only user, I would rather not disable the encryption
> (and then wireshark the traffic). So is there a way to create such a log in
> Thunderbird?
There are ways (and it's even easier from Instantbird), but if we are sure the problem is with PLAIN, what we'll need next to fix the bug is a test account with special chars in the password. It shouldn't be difficult to get one.
|
|
Reporter | |
Comment 7•12 years ago
|
||
Ok, setting purple.debug.loglevel to 1 worked well:
For a user "thundertest" with password "abcö" the following PLAIN auth request is sent:
<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl"
mechanism="PLAIN">AHRodW5kZXJ0ZXN0AGFiY/Y=</auth>
The base64 decodes correctly, but as assumed to ASCII instead of UTF-8.
|
|
Assignee | |
Comment 8•12 years ago
|
||
I don't have a test account, but with the attached patch the base64 value becomes AHRodW5kZXJ0ZXN0AGFiY8ODwrY= for the user "thundertest" / password "abcö" data from comment 7.
Can you confirm if this is the value sent by other XMPP clients?
Attachment #779810 -
Flags: review?(clokep)
|
|
Reporter | |
Comment 9•12 years ago
|
||
AHRodW5kZXJ0ZXN0AGFiY8ODwrY= does not seem correct. It utf-8-decodes to "\0thundertest\0abcö" which looks like utf-8 read as ASCII and encoded as utf-8 again.
The correct value should be "AHRodW5kZXJ0ZXN0AGFiY8O2" (according to Miranda and a successful login). This utf-8-decodes nicely to "\0thundertest\0abcö".
You can use the account thundertest with the same domain as my e-mail for testing if you want.
Btw, according to RFC 4616 the username should also be encoded as utf-8.
|
|
Assignee | |
Comment 10•12 years ago
|
||
This gives the AHRodW5kZXJ0ZXN0AGFiY8O2 result, I got confused during my testing, sorry.
Attachment #779810 -
Attachment is obsolete: true
Attachment #779810 -
Flags: review?(clokep)
Attachment #779838 -
Flags: review?(clokep)
|
|
||
Comment 11•12 years ago
|
||
Comment on attachment 779838 [details] [diff] [review]
Patch v2
Looks good, stolen from http://lxr.instantbird.org/instantbird/source/chat/protocols/irc/ircSASL.jsm#36
Attachment #779838 -
Flags: review?(clokep) → review+
|
|
||
Comment 12•12 years ago
|
||
Checked into Instantbird: http://hg.instantbird.org/instantbird/rev/1aea1bdc6663
Assignee: nobody → florian
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
|
|
||
Updated•12 years ago
|
Keywords: checkin-needed
|
||
Comment 13•11 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 26.0
You need to log in
before you can comment on or make changes to this bug.
Description
•