Build #2,583

Plan branch:
Verifies the integrety of the projects, as builds are executed immediately after a code change was detected. This plan provides no artifiacts (use a nightly build instead).

Build: #2583 was successful Changes by Guus der Kinderen

Code commits

Openfire (master)

  • Guus der Kinderen

    Guus der Kinderen 7c52305534bd493ce1a3054c7ad32153976b7716

    Minor VCard improvements

    • xmppserver/src/main/java/org/jivesoftware/openfire/handler/IQvCardHandler.java (version 7c52305534bd493ce1a3054c7ad32153976b7716)
  • Guus der Kinderen

    Guus der Kinderen 2759a5c642c799251cf6ce7115dae5aaefddb93f

    OF-2839: Return error when non-existing VCard is requested.
    When requesting a VCard from someone else, XEP-0054 (version 1.2) section 3.3 defines:

    > If no vCard exists [...] the server MUST return a stanza error,

    Furthermore:

    > If no vCard exists or the user does not exist, the server MUST return a stanza error, which SHOULD be either <service-unavailable/> or <item-not-found/> (but the server MUST return the same error condition in both cases to help prevent directory harvesting attacks).

    Finally, RFC 6121 section 8.5.1 defines:

    > If the user account identified by the 'to' attribute does not exist, how the stanza is processed depends on the stanza type. For an IQ stanza, the server MUST return a <service-unavailable/> stanza error to the sender.

    Openfire currently does not return an error, but an empty VCard. This is allowable when requesting one’s own VCard, but not when requesting that of others.

    Instead, Openfire must return an error with the service-unavailable condition when someone is requesting a VCard that doesn’t exist, from an existing user.

    Note that Openfire already returns service-unavailable when an IQ request is sent to a non-existing user.

    • xmppserver/src/main/java/org/jivesoftware/openfire/handler/IQvCardHandler.java (version 2759a5c642c799251cf6ce7115dae5aaefddb93f)
  • Guus der Kinderen

    Guus der Kinderen 00c88addd5fa8541b0318258bee4693d15d17142

    OF-2838: Return error when updating someone else's VCard
    Instead of silently ignoring such a request, return an error, as mandated by the XEP.

    • i18n/src/main/resources/openfire_i18n.properties (version 00c88addd5fa8541b0318258bee4693d15d17142)
    • i18n/src/main/resources/openfire_i18n_nl.properties (version 00c88addd5fa8541b0318258bee4693d15d17142)
    • xmppserver/src/main/java/org/jivesoftware/openfire/handler/IQvCardHandler.java (version 00c88addd5fa8541b0318258bee4693d15d17142)
  • Guus der Kinderen

    Guus der Kinderen b3f6919dd04afed190182e0807f89b68332f3983

    OF-2835: Openfire should advertise CAPS support
    As Openfire supports CAPS (it calculates a hash for its own service discovery information), advertise support through service discovery.

    • xmppserver/src/main/java/org/jivesoftware/openfire/entitycaps/EntityCapabilitiesManager.java (version b3f6919dd04afed190182e0807f89b68332f3983)
  • Guus der Kinderen

    Guus der Kinderen fcca17d42db26927113e4944b9658e5303bc15be

    Apply IDE suggestions
    Minor, non-functional changes suggested by the IDE (spelling, non-needed code, etc).

    • xmppserver/src/main/java/org/jivesoftware/openfire/entitycaps/EntityCapabilitiesManager.java (version fcca17d42db26927113e4944b9658e5303bc15be)
  • Guus der Kinderen

    Guus der Kinderen 303369d0eb078bc4c5bd0e6e44bed0917ad3df80

    OF-2836: CapsManager should use provided algorithm
    Use the provided algorithm for entity capability calculation, rather than assuming that it's `SHA-1`.

    • xmppserver/src/main/java/org/jivesoftware/openfire/entitycaps/EntityCapabilitiesManager.java (version 303369d0eb078bc4c5bd0e6e44bed0917ad3df80)
  • Guus der Kinderen

    Guus der Kinderen 76b8b7f62f32bfbef8d7526b49324762678565c3

    OF-2825: Implement XEP-0030's security considerations
    Service Discovery's section 8 describes some security considerations that Openfire must implement.

    These security considerations partially contradict what's defined in RFC-6121 8.5.1. To allow for that implementation to be applied differently, this commit refactors the code to allow for an override of the original implementation of the 'no-such-user' handling.

    • xmppserver/src/main/java/org/jivesoftware/openfire/disco/IQDiscoInfoHandler.java (version 76b8b7f62f32bfbef8d7526b49324762678565c3)
    • xmppserver/src/main/java/org/jivesoftware/openfire/disco/IQDiscoItemsHandler.java (version 76b8b7f62f32bfbef8d7526b49324762678565c3)
    • xmppserver/src/main/java/org/jivesoftware/openfire/handler/IQHandler.java (version 76b8b7f62f32bfbef8d7526b49324762678565c3)