Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Messages from JIDs not in roster are silently ignored #844

Open
ossguy opened this issue Sep 6, 2017 · 13 comments
Open

Messages from JIDs not in roster are silently ignored #844

ossguy opened this issue Sep 6, 2017 · 13 comments

Comments

@ossguy
Copy link

@ossguy ossguy commented Sep 6, 2017

It appears that when someone sends a message to a ChatSecure user and they are not in the ChatSecure user's roster, then that message will be silently ignored by ChatSecure. Is this intentional? If so, is there a setting one can use to turn off this behavior?

@chrisballinger
Copy link
Member

@chrisballinger chrisballinger commented Sep 6, 2017

It's currently intentional, partially for security reasons, but we might relax that requirement in the future.

@ossguy
Copy link
Author

@ossguy ossguy commented Sep 6, 2017

Would it be possible to add "receive messages from contacts not in your roster" as an off-by-default feature (toggle switch)?

Currently we recommend ChatSecure as the iOS XMPP client for https://jmp.chat/ but it's a bit tricky to (a) explain to users the current behavior and (b) create a workaround for it. JMP provides a phone number for users, which they can then receive text/pictures messages on - these messages arrive from special JIDs representing the sender's phone number, and they are naturally not in the user's contact list (unless they knew who'd be sending them a text/picture message and pre-added them).

The only workaround we could implement in JMP is to both (1) always request a subscription when we don't have one yet and (2) queue up messages destined for the user until they accept the subscription request and then send them once it is approved.

We'd like to keep recommending ChatSecure for JMP, but not sure how feasible that will be long-term without the above feature. Even if it's off by default, at least we can show users how to easily enable it.

@chrisballinger
Copy link
Member

@chrisballinger chrisballinger commented Sep 7, 2017

Ah I see, this change might take a while because it affects some security assumptions so will need to be implemented carefully. Your server-side workaround makes sense and could be integrated with XEP-0357 to still show generic "New Message!" notifications from users not on your roster.

@ossguy
Copy link
Author

@ossguy ossguy commented Sep 7, 2017

I'm not sure how the workaround you described (using XEP-0357) would work exactly - does this require some sort of outside-of-XMPP hack? Note that with JMP, the users are logged into their own servers, which do s2s with the JMP server, so we don't really control whether users have XEP-0357 or not.

In any case, I'm excited to see the "receive messages from contacts not in your roster" feature in ChatSecure. Let me know if I can help test a beta build or anything (if that's possible on a stock/locked device).

@jotwewe
Copy link

@jotwewe jotwewe commented Mar 28, 2018

What is the reason for not showing the first message after the previously unknown jid has been added to the roster?

A usual user assumes his message has been received by the recipient and my wait for a reply.
On my server (prosody) I use mod_welcome to send a message to newly registered users, saying hello and pointing to support MUC. Chatsecure users don't receive those messages...

@chrisballinger
Copy link
Member

@chrisballinger chrisballinger commented Mar 29, 2018

@herbsmn
Copy link

@herbsmn herbsmn commented May 10, 2018

Hey @chrisballinger. I don't comment in the ChatSecure issues very often, so I want to begin by saying a huge thank you for the work that you are doing with this iOS app!

Secondly, I was just curious if you've gotten any clearer of a picture in the last month and half since you last posted as to when this issue will be address. Congrats on the recent database migration, by the way!

@chrisballinger
Copy link
Member

@chrisballinger chrisballinger commented May 10, 2018

Hey thanks for the kind words. The migration is in place in v4.3.0, but there is no planned ETA for displaying incoming messages from non-roster contacts.

@ossguy
Copy link
Author

@ossguy ossguy commented May 11, 2018

I've heard reports from different JMP users that ChatSecure now handles notifications much better than it did previously (see #782 and the issues it references for details on the previous behaviour).

As a result, it looks like this issue is now the only one preventing us from recommending ChatSecure on https://jmp.chat/ (in place of Tigase Messenger).

We would be quite excited to switch that recommendation, as ChatSecure has many features that JMP users appreciate (such as OMEMO support). So we're happy to see that progress is being made in this direction, and are very much looking forward to its completion!

@chrisballinger
Copy link
Member

@chrisballinger chrisballinger commented May 12, 2018

@ossguy Good to hear the notifications are improved!

@rozzin
Copy link

@rozzin rozzin commented Jan 28, 2020

So what is the current situation, at this point? When a message comes in from a JID that's not in the user's roster, does ChatSecure just avoid posting a notice, put them into an "unknown contacts" group or something, or does it completely prevent the message from ever being viewable, or what?

Looking at the last exchange from @ossguy and @chrisballinger, it's clear that something has changed but it's not clear what the current situation is now....

@sith-on-mars
Copy link

@sith-on-mars sith-on-mars commented Jan 18, 2021

Another year has already passed. Has any progress been made?

@chrisballinger
Copy link
Member

@chrisballinger chrisballinger commented Jan 18, 2021

If you'd like to propose a change in this behavior, please consider submitting a pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants