sasl-login test failure

[rdfield]

test suite fails for sasl-login:

t/sasl-login.t ................. Use of uninitialized value $ev in concatenation (.) or string at t/lib/djabberd-test.pl line 452.
Expecting a DJabberd::XMLElement, got a at t/lib/djabberd-test.pl line 452.

Looks like your test exited with 9 before it could output anything.

t/sasl-login.t ................. Dubious, test returned 9 (wstat 2304, 0x900)
Failed 46/46 subtests

[yannk]

Fixes a timing issue in the test

Closed by 2e3d513

[yannk]

Hey, there were multiple cause to this issue. Now tests should pass again, but most likely because they'll skip sasl_login.t

If you rely on sasl, you'll have to wait for a new Authen::SASL release or pull it from here.

http://github.com/yannk/perl-authen-sasl/

[rdfield]

I downloaded the update djabberd code, added perl-authen-sasl and changed VERSION to 2.1402 to force the sasl tests to run, and the make test (of djabberd) showed:

t/sasl-login.t ................. 4/46 Premature padding of base64 data at t/lib/djabberd-test.pl line 601.
t/sasl-login.t ................. 7/46 Premature padding of base64 data at t/lib/djabberd-test.pl line 601.
t/sasl-login.t ................. 16/46 Use of uninitialized value $res in concatenation (.) or string at t/lib/djabberd-test.pl line 642.
t/sasl-login.t ................. 19/46 Use of uninitialized value $res in concatenation (.) or string at t/lib/djabberd-test.pl line 642.
t/sasl-login.t ................. 33/46 27394 ERROR DJabberd.Connection.ClientIn Reject bind request: no sasl
27394 ERROR DJabberd.Connection.ClientIn Reject bind request: no authenticated_jid
t/sasl-login.t ................. ok

When I ran the demo server, I could log in with any name as long as the password was correct; it looked like the hooks in DJabberd/Authen/AllowedUsers.pm were not being called - I added plenty of logging, but nothing showed in the output. My aim is to be able to connect strophe.js to djabberd (via punjab until djabberd supports BOSH). I would be happy if the whole jid (including the resource id) was passed to get_password as just the user id isn't enough to see if the session is valid. Using jsjac.js was OK as it didn't rely on SASL, but strophe.js won't establish a connection without it.

[yannk]

I've pushed changes to clean a bit the output.

Please for your SASL issue, post your config, or much better a failing test case.
Having DJabberd work with punjab and strophe.js was why I added support for it back then. I got it working for my setup, but then I lost interest.

[rdfield]

I'm using the standard demo.conf file, with DJabberd::RosterStorage::SQLite commented out, and DJabberd::RosterStorage::InMemoryOnly uncommented.

The HTML file I am using is (other than the usual chrome):

<script src="/js/strophe.js"></script>

<script>
var conn = new Strophe.Connection("http://192.168.1.150/http-bind/");
conn.connect("admin@192.168.1.150/random_res_id", "secret", function (status)     {
if (status === Strophe.Status.CONNECTED) {
   alert("Connected");
}});
</script>

According to my understanding of the demo config file only users "partya" and "partyb" should be able to connect, but the current config allows any user in if the supplied password matches the one defined for DJabberd::Authen::StaticPassword. I have checked the djabberd log file and the expected output ("denying, unless allowed:") from DJabberd::Authen::AllowedUsers isn't there.

[yannk]

I've reconfirmed the issue, please open a separate issue (#3) about this Static Password. I've confirmed it predates SASL