xmpp/CHANGELOG.md -rw-r--r-- 14.9 KiB
pubsub: make internal package public

After thinking about it more, let's go ahead and make pubsub a public
package. We'll have plenty of time to fatten it up a bit before the next
release and this will save us time moving imports around in other
packages later.

Signed-off-by: Sam Whited <sam@samwhited.com>
docs: update changelog to include deprecations

Signed-off-by: Sam Whited <sam@samwhited.com>
all: release v0.20.0

Signed-off-by: Sam Whited <sam@samwhited.com>
all: add strict namespace checking to mux

Previously anything that had a local name that looked like a stanza
("message", "iq", or "presence") would be treated as such, opening us up
to potential vulnerabilities in servers that allow a
{jabber:server}message on a jabber:client stream but don't treat it as a
stanza, for example.
Being more strict about checking namespaces helps to avoid this issue,
but does require a breaking change to the mux API.

Signed-off-by: Sam Whited <sam@samwhited.com>
all: be more strict about stanza namespaces

Previously we were checking if something was a stanza based on faulty
assumptions (that there were only two valid stanza namespaces) and
without precision (we'd accept it if it were either namespace or none
instead of only accepting the actual namespace used by teh stream).
This PR fixes this to ensure that eg. a vulnerability that causes the
server to allow {jabber:server}message's sent over a jabber:client
stream without any of the normal security measures still won't affect
this library (hopefully).

This PR updates all locations to use the new APIs, but does not
necessarily perform the correct checks. A followup PR will be rquired to
upgrade some of the packages (eg. mux) to use the correct namespace.

Signed-off-by: Sam Whited <sam@samwhited.com>
xmpp: add In and Out methods to session

This patch deprecates the InSID and OutSID methods in favor of returning
the entire stream info.
In the future this will let us more easily access the stream language,
SID, namespace used, etc. and unlocks major changes throughout the rest
of the package including removing the S2S state bit among others.

Fixes #175

Signed-off-by: Sam Whited <sam@samwhited.com>
xmpp: make stream config more flexible

Previously the stream config was a struct and the only thing that could
be changed between stream restarts was the features we advertised.
However, we may want to change other parts of the stream config between
restarts. For example, if we figure out the users JID after the first
step we may want to look them up in the database and set the default
stream language based on their preferences.

To accomplish this we now take a stream config function instead of
taking the struct directly (and the Features field has gone back to
being a slice and is no longer a function itself).
Each time we iterate we update the config by calling the function, which
can look up properties of the session before deciding what config needs
to change.

Fixes #106

Signed-off-by: Sam Whited <sam@samwhited.com>
all: implement disco identities and forms

Previously our service discovery implementation could only respond with
features. However, service discovery also supports "identities" and has
an extension mechanism that lets it respond with arbitrary data in the
form (pun intended) of a form result.

Adding implementations of these iterators to the mux and using them in
the disco handler brings us fully up to date on service discovery
features and should allow us to also implement entity capabilities in
the near future.

Signed-off-by: Sam Whited <sam@samwhited.com>
disco: move identity into info package

Moving the identity into the info package will let us implement the
identity iterator in the same way it is currenlty done for the features
iter without having import loops in packages that are imported by disco.

Also fix a bug where identities were marshaled wrong that hadn't been
noticed before due to a lack of use/testing.

Signed-off-by: Sam Whited <sam@samwhited.com>
form: add Len and Raw methods

Signed-off-by: Sam Whited <sam@samwhited.com>
mux: support responding to disco#items requests

Signed-off-by: Sam Whited <sam@samwhited.com>
disco: move Item to new items package.

Previously we had planned to move Item into the info package so that
iterators for items and the like could live alongside iterators for
info. However, Items require using JID which would result in yet another
import loop. At the risk of creating tiny package syndrome, we've
instead opted to create an items package as well since the JID package
will likely never use the items side of service discovery.

Signed-off-by: Sam Whited <sam@samwhited.com>
paging: ensure index is an attribute

Signed-off-by: Sam Whited <sam@samwhited.com>
history: add initial implementation of MAM

Signed-off-by: Sam Whited <sam@samwhited.com>
stanza: return more detailed error text

Signed-off-by: Sam Whited <sam@samwhited.com>
xmpp: cleanup changelog and add recent work

Signed-off-by: Sam Whited <sam@samwhited.com>
disco/info: new package containing disco features

Previously we had a disco.Feature type. However, packages may want to
provide their feature as a convenience to be easily registered in the
future. If they do this, we will create import loops between any
packages that are already imported by disco (ie. jid and paging). Moving
features out to its own info package will allow other packages to import
it without bringing in all of the disco package.

Signed-off-by: Sam Whited <sam@samwhited.com>
roster: respond to IQs in roster push handler

Previously we didn't respond to the roster push IQs, meaning that the
library always responded with a default "unsupported feature" response.
Instead, respond with "success" if the push handler does not result in
an error, the error itself if it returns a stanza.Error, or just return
the error (terminating the stream) if another error is returned.
This last behavior may change in a future commit (eg. to send an
application specific error or an internal-server-error and keep the
stream running).

Signed-off-by: Sam Whited <sam@samwhited.com>
roster: support roster versioning

Though the payloads had version strings on them and a roster versioning
feature existed, it wasn't possible to fetch a roster using the roster
version so support wasn't really done. This makes it possible to
actually use roster versioning.

Signed-off-by: Sam Whited <sam@samwhited.com>
xmpp: return start token for iter IQ payloads

Previously the start token was discarded when calling IterIQ or
IterIQElement. However, we may need attributes from it, making IterIQ
impossible to use for some cases where we still might want an easy way
to iterate. Returning the start element fixes this and avoids a lot of
boilerplate re-implementing iter IQ for every place we might want to do

Signed-off-by: Sam Whited <sam@samwhited.com>