Build: #3001 was successful
Changes by Guus der Kinderen
Code commits
Openfire (master)
-
Guus der Kinderen 106ede644a5b7d6e3e3111294826a35e7bb95814
Set incoming server auth method from negotiated SASL mechanism
Stop assuming inbound s2s SASL authentication always uses EXTERNAL. When SASL succeeds, derive `ServerSession.AuthenticationMethod` from the actual negotiated mechanism name instead:
- EXTERNAL -> SASL_EXTERNAL
- any other mechanism -> OTHER
This makes session state reflect the real authentication method used and removes brittle coupling to current mechanism availability.
- xmppserver/src/main/java/org/jivesoftware/openfire/net/SASLAuthentication.java (version 106ede644a5b7d6e3e3111294826a35e7bb95814)
- xmppserver/src/main/java/org/jivesoftware/openfire/session/ServerSession.java (version 106ede644a5b7d6e3e3111294826a35e7bb95814)
- xmppserver/src/test/java/org/jivesoftware/openfire/net/SASLAuthenticationTest.java (version 106ede644a5b7d6e3e3111294826a35e7bb95814)
- xmppserver/src/test/java/org/jivesoftware/openfire/session/ServerSessionTest.java (version 106ede644a5b7d6e3e3111294826a35e7bb95814)
-
Guus der Kinderen fe8786170abc484fc48936d237dacb928ad75069
Optimize SASL mechanism validation by avoiding unnecessary XML conversions
Replace Element-based mechanism lookups with direct set operations. Eliminates redundant dom4j manipulation.
Adds unit test coverage.
None of this is expected to introduce functional changes. Pre-existing public method signatures are left intact for backwards compatibility.
- xmppserver/src/main/java/org/jivesoftware/openfire/net/SASLAuthentication.java (version fe8786170abc484fc48936d237dacb928ad75069)
- xmppserver/src/test/java/org/jivesoftware/openfire/net/SASLAuthenticationTest.java (version fe8786170abc484fc48936d237dacb928ad75069)
-
Guus der Kinderen a1c184c4df4e6c7d101f8a00887d160e6813d339
Minor fixes for code review findings
- xmppserver/src/main/java/org/jivesoftware/openfire/net/SASLAuthentication.java (version a1c184c4df4e6c7d101f8a00887d160e6813d339)
-
Guus der Kinderen f9d4cc53d362f91d674377b6aa1eb7bb545a3f53
OF-3268: Refactor SASL EXTERNAL S2S success path to remove duplicate checks
Remove redundant inbound S2S post-auth verification from `SASLAuthentication.handle(...)` after `saslServer.isComplete()`.
For SASL EXTERNAL, certificate/domain verification is already performed by `ExternalServerSaslServer.evaluateResponse(...)`, while authentication method assignment is already handled in `authenticationSuccessful(...)`.
This change simplifies control flow and clarifies responsibility without intended behavior change.
- xmppserver/src/main/java/org/jivesoftware/openfire/net/SASLAuthentication.java (version f9d4cc53d362f91d674377b6aa1eb7bb545a3f53)
-
Guus der Kinderen 5a01e4b59a323defbbe9a3bde11aa01976202c55
Ensure authentication is reported as failed when user is locked out
- xmppserver/src/main/java/org/jivesoftware/openfire/net/SASLAuthentication.java (version 5a01e4b59a323defbbe9a3bde11aa01976202c55)
-
Guus der Kinderen eab4eac041fc0ab7cef07b58b18c9a1898fa1b18
OF-3273: Enforce session-eligible SASL mechanism validation during authentication
Ensure SASL mechanism selection in `SASLAuthentication.handle(...)` is constrained to the mechanisms available for the current session, matching stream feature advertisement behavior.
Previously, Openfire validated mechanisms against globally enabled configuration only, which allowed peers to attempt mechanisms that were not advertised for a specific connection/session type. This change adds a session-scoped eligibility check and rejects non-available mechanisms with `invalid-mechanism`. This aligns mechanism acceptance with negotiated capabilities and prevents use of mechanisms outside per-session policy.
- xmppserver/src/main/java/org/jivesoftware/openfire/net/SASLAuthentication.java (version eab4eac041fc0ab7cef07b58b18c9a1898fa1b18)
- xmppserver/src/test/java/org/jivesoftware/openfire/net/SASLAuthenticationTest.java (version eab4eac041fc0ab7cef07b58b18c9a1898fa1b18)
-
Guus der Kinderen e650e47c5fb1cb0d398fddc5daa8a651b885a678
(code review) Gate SASL EXTERNAL advertisement on enabled mechanisms
Only include EXTERNAL in available server-session mechanisms when it is enabled/supported, preventing it from being advertised in stream features when disabled in sasl.mechs.
- xmppserver/src/main/java/org/jivesoftware/openfire/net/SASLAuthentication.java (version e650e47c5fb1cb0d398fddc5daa8a651b885a678)
- xmppserver/src/test/java/org/jivesoftware/openfire/net/SASLAuthenticationTest.java (version e650e47c5fb1cb0d398fddc5daa8a651b885a678)