-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Parsing unescaped jid that contains two '@' symbols. #14
Comments
lastIndexOf doesn't work either since |
I see, I was only looking at entityBareFrom methods, where there is no resource. I will try comming with a PR fr this thing and then we can discuss it. |
I'm trying to get my head around this while still recovering from an illness. So please bear with me. I think it would be clearer for me if you could show me how you invoke a method and what happens, and what you think should happen. My assumption right now is that you do something like
which yields an entity bare jid where the localpart is 'foo' and the domainpart is '[email protected]'. Which is not correct, the localpart should be 'foo\40boo' and the domainpart should be 'example.org'. And PR #15 tries to solves this by stripping the resourcepart prior the extraction of the localpart in |
We are using |
With this change the domain part will be |
Shouldn't the localpart be escaped, and thus be 'foo\40boo'? |
Escape is done only when using all ..FromUnescaped methods and is not done using the others. So I expect |
Ahh, you used the non-Unescaped variant. Now I am with you. Could you add a test for
too and check that the localpart has the expected form, i.e. 'foo\40boo'? |
Just added the test for JidCreate.fromUnescaped and escaping. |
I'm looking at this mobile, but I don't think this works in all cases. / is a valid unescaped character in localparts. The current indexOf would take it as the separator for the resource though. @Flowdalic hope you'll be better soon! |
That can be easily fixed by not using But I was thinking about another case. Can you have a jid that has no resource and is in the form of "foo/[email protected]"? |
lastIndexOf doesn't work since resourceparts can legally have /, and they don't even need to be escaped. foo/[email protected] is IMO legal unescaped, but the meaning is unclear. It could either be foo/boo (localpart) @ server.com (node), no resource OR no localpart, foo (node), [email protected] (resourcepart). Not sure if the RFCs or XEPs say something about that case. |
This means that foo/[email protected] should be: domain is
And the same for resource, we have identified domain and then parse resource:
Do you agree with those statements and the parsing of |
RFC 6122 has been obsoleted by RFC 7622. The relevant quotes are I think:
That rules applied, 'foo/[email protected]' yield, if I'm not mistaken, 'foo' as domainpart and '[email protected]' as resourcepart. So yes @damencho I think you are right. :) |
You're both right, but the RFC only deals with valid JIDs (i.e. not containing @,/,etc. in the localpart). This would be in XEP-0106. Actually, for Jicofo, where the issue appeared, there must have been an error before:
The XEP doesn't mention resources since it deals mostly deals with the mapping of existing addresses into JIDs. |
Yep, for jicofo I reverted to using smack 3.2 and I saw invalid jid exceptions and then I started researching why this doesn't happen with smack 4. |
Ok, reading rfc7622 how domain part is extracted seems the original code that I was trying to modify works that way, so jid foo@[email protected]/bar@baz, will be: |
I'm not sure if I can follow. Using the current HEAD of jxmpp
yields a JID with What was the behavior with your changes applied? Now there are two observations here: '[email protected]' is not a correct DNS name because of the '@' sign (RFC 952). And the API was likely incorrectly used, i.e. Therefore I think we should improve jxmpp in the following ways:
I say we concentrate on 2. for now. 1. can be fixed later as it is not so important because its mostly caused by incorrect API usage. As far as I can tell, 2. is a tricky one, mostly because the '@' could also appear in the resourcepart. I do wonder if such an API even makes sense (and if we shouldn't deprecate it in it's current form in jxmpp): How often to user enter unescaped full JIDs somewhere into the application? What was the exact situation in Jicofo where you run into this? |
So with my changes in the PR:
With the current implementation that I did in the PR, the problem is if there is '/' in the localpart, as @ibauersachs pointed out. We use roomname for the conferences as [email protected], and there is an iq that invites jicofo to enter the room and orchestrate the conference. |
If you want to use JidCreate.entityBareFromUnescaped to parse and validate a jid, there is an issue if the jid is incorrect and contains two '@' symbols.
https://github.com/igniterealtime/jxmpp/blob/master/jxmpp-jid/src/main/java/org/jxmpp/jid/impl/JidCreate.java#L453
I think both XmppStringUtils.parseLocalpart and XmppStringUtils.parseDomain should not use int atIndex = jid.indexOf('@');, but instead use int atIndex = jid.lastIndexOf('@');
WDYT?
The text was updated successfully, but these errors were encountered: