Accidental deletion of accounts with Psi #1454

Closed
cdroege opened this Issue Jan 9, 2017 · 1 comment

cdroege commented Jan 9, 2017

What version of ejabberd are you using?

16.12 with mysql backend

What operating system (version) are you using?

Arch Linux

How did you install ejabberd (source, package, distribution)?

Distribution package

What did not work as expected? Are there error messages in the log? What was the unexpected behavior? What was the expected result?

Ejabberd 16.12 changed some behaviour that can cause an accidental deletion of an account when using the Psi client. Here are the steps to reproduce this:

  1. Register an account
  2. Add a contact in Psi (0.15) with the JID: ""
  3. Delete the JID
  4. Account is deleted when the server is running 16.12 (but not 16.09). See the attached logs.

The bug here seems to be that ejabberd 16.12 changed something that causes Psi to not escape the JID when doing roster actions (in ejabberd 16.09 it uses &quot;&quot; but in ejabberd 16.12 it uses "").

Next, this causes a bug in Psi when removing the roster item: Psi sends a register request with no JID element and the server automatically replies with an unregister request.

The change of behaviour may or may not be a bug in ejabberd, so feel free to close this bug. After thinking about it a little bit more, it is probably a bug in Psi and not in ejabberd. I will look into it again later today.

XML Log from client with version 16.12

[...]
<iq type="set" id="aacba">
<query xmlns="jabber:iq:roster">
<item subscription="remove" jid=""/>
</query>
</iq>

<iq type="get" id="aacda">
<query xmlns="jabber:iq:register"/>
</iq>

<iq from="asdj89ah4234ioiasmd@draugr.de" type="error" xml:lang="en" to="asdj89ah4234ioiasmd@draugr.de/Psi+" id="aacba">
<query xmlns="jabber:iq:roster">
<item subscription="remove" jid=""/>
</query>
<error type="modify" code="400">
<bad-request xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>
<text xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" xml:lang="en">Bad value of attribute 'jid' in tag &lt;item/&gt; qualified by namespace 'jabber:iq:roster'</text>
</error>
</iq>

<r xmlns="urn:xmpp:sm:3"/>

<a xmlns="urn:xmpp:sm:3" h="24"/>

<iq from="asdj89ah4234ioiasmd@draugr.de" type="result" xml:lang="en" to="asdj89ah4234ioiasmd@draugr.de/Psi+" id="aacda">
<query xmlns="jabber:iq:register">
<username>asdj89ah4234ioiasmd</username>
<registered/>
<password/>
<instructions>Choose a username and password to register with this server</instructions>
</query>
</iq>

<iq type="set" to="draugr.de" id="aacda">
<query xmlns="jabber:iq:register">
<remove/>
</query>
</iq>

<r xmlns="urn:xmpp:sm:3"/>

<a xmlns="urn:xmpp:sm:3" h="25"/>

<iq from="asdj89ah4234ioiasmd@draugr.de/Psi+" type="result" xml:lang="en" to="asdj89ah4234ioiasmd@draugr.de/Psi+" id="aacda"/>

<r xmlns="urn:xmpp:sm:3"/>

<a xmlns="urn:xmpp:sm:3" h="26"/>

<stream:error>
<conflict xmlns="urn:ietf:params:xml:ns:xmpp-streams"/>
<text xmlns="urn:ietf:params:xml:ns:xmpp-streams" xml:lang="en">User removed</text>
</stream:error>

<iq type="set" id="aacea">
<enable xmlns="urn:xmpp:carbons:2"/>
</iq>

Compare this to a log from 16.09:

<iq type="set" id="aadca">
<query xmlns="jabber:iq:roster">
<item subscription="remove" jid="&quot;&quot;"/>
</query>
</iq>

<iq type="get" to="&quot;&quot;" id="aadea">
<query xmlns="jabber:iq:register"/>
</iq>

<iq from="&quot;&quot;" type="error" xml:lang="en" to="asd90jas8dhasgd8as@creep.im/Psi+" id="aadea">
<query xmlns="jabber:iq:register"/>
<error type="cancel" code="404">
<remote-server-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>
</error>
</iq>

<iq type="set" to="&quot;&quot;" id="aadea">
<query xmlns="jabber:iq:register">
<remove/>
</query>
</iq>

<r xmlns="urn:xmpp:sm:3"/>

<a xmlns="urn:xmpp:sm:3" h="9"/>

<r xmlns="urn:xmpp:sm:3"/>

<a xmlns="urn:xmpp:sm:3" h="12"/>

<iq from="asd90jas8dhasgd8as@creep.im" type="set" to="asd90jas8dhasgd8as@creep.im/Psi+" id="push12081735906807766993">
<query xmlns="jabber:iq:roster" ver="fbd91abd5446765958c73bd79c204adcad9f9420">
<item subscription="remove" ask="subscribe" jid="&quot;&quot;"/>
</query>
</iq>

<iq type="result" to="asd90jas8dhasgd8as@creep.im" id="push12081735906807766993"/>

<iq from="asd90jas8dhasgd8as@creep.im" type="result" to="asd90jas8dhasgd8as@creep.im/Psi+" id="aadca"/>

<iq from="&quot;&quot;" type="error" xml:lang="en" to="asd90jas8dhasgd8as@creep.im/Psi+" id="aadea">
<query xmlns="jabber:iq:register">
<remove/>
</query>
<error type="cancel" code="404">
<remote-server-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>
</error>
</iq>

zinid commented Jan 9, 2017

Yes, the server now behaves correctly actually.
In 16.09 it was putting an incorrect jid in the roster (you can see it as &quot;&quot; in the 16.09 log).
Now, in 16.12, ejabberd produces an error, thus Psi sends the correct value of jid (i.e. no value at all) in the unregister request. And ejabberd processes it as it is: an unregister request.
This is an old known Psi bug.

zinid closed this Jan 9, 2017
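
An added example (not part of the issue thread, and not ejabberd or Psi code): a Python check that flags jabber:iq:register remove requests that reach the sender's own server, as in the 16.12 log, plus a client-side guard that rejects an unusable roster JID instead of sending an unaddressed request. The account, the stanzas and all function names are constructed for illustration, and the domain check is a simplified ASCII-only assumption.

```python
import re
import xml.etree.ElementTree as ET

REGISTER_NS = "jabber:iq:register"
# Simplified, ASCII-only domain check (assumption: no internationalized names).
DOMAIN_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")

def jid_domain(jid):
    """Lower-cased domain part of a JID, or None if the JID is unusable."""
    if not jid:
        return None
    bare = jid.split("/", 1)[0]        # drop the resource
    domain = bare.split("@", 1)[-1]    # drop the local part, if any
    return domain.lower() if DOMAIN_RE.match(domain) else None

def removes_own_account(stanza_xml, account_jid):
    """True for a jabber:iq:register <remove/> that reaches the sender's own
    server: either no 'to' at all, or 'to' equal to the account's domain."""
    iq = ET.fromstring(stanza_xml)
    if iq.tag != "iq" or iq.get("type") != "set":
        return False
    if iq.find(f"{{{REGISTER_NS}}}query/{{{REGISTER_NS}}}remove") is None:
        return False
    to = iq.get("to")
    return not to or to.lower() == jid_domain(account_jid)

def register_target(item_jid):
    """Client-side guard (hypothetical): address for a register request tied
    to a roster item; an unusable JID is an error, never 'no address'."""
    domain = jid_domain(item_jid)
    if domain is None:
        raise ValueError(f"invalid JID {item_jid!r}: not sending register request")
    return domain

# Constructed sample stanzas, modelled on the two logs in the report.
ACCOUNT = "user@example.org/Psi+"
QUERY = '<query xmlns="jabber:iq:register"><remove/></query>'
SAMPLES = {
    "to-own-server": f'<iq type="set" to="example.org" id="a1">{QUERY}</iq>',
    "no-to": f'<iq type="set" id="a2">{QUERY}</iq>',
    "to-quoted-jid": f'<iq type="set" to="&quot;&quot;" id="a3">{QUERY}</iq>',
    "form-request": '<iq type="get" id="a4"><query xmlns="jabber:iq:register"/></iq>',
}

def audit(samples=SAMPLES, account=ACCOUNT):
    """Names of the sample stanzas that would delete the sender's account."""
    return [name for name, xml in samples.items() if removes_own_account(xml, account)]

if __name__ == "__main__":
    print(audit())
```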
