~samwhited/xmpp

xmpp/roster d---------
all: add strict namespace checking to mux

Previously anything that had a local name that looked like a stanza
("message", "iq", or "presence") would be treated as such, opening us up
to potential vulnerabilities in servers that allow a
{jabber:server}message on a jabber:client stream but don't treat it as a
stanza, for example.
Being more strict about checking namespaces helps to avoid this issue,
but does require a breaking change to the mux API.

Signed-off-by: Sam Whited <sam@samwhited.com>

internal/stream: remove s2s bool from stream send

Previously we set the namespace depending on whether a server-to-server
value was set. However, the namespace is set in the stream and may be
other values (such as the Jabber Component namespace) as well, so just
leave this alone and let the negotiator handle it.

Signed-off-by: Sam Whited <sam@samwhited.com>

roster: respond to IQs in roster push handler

Previously we didn't respond to the roster push IQs, meaning that the
library always responded with a default "unsupported feature" response.
Instead, respond with "success" if the push handler does not result in
an error, the error itself if it returns a stanza.Error, or just return
the error (terminating the stream) if another error is returned.
This last behavior may change in a future commit (e.g. to send an
application specific error or an internal-server-error and keep the
stream running).

Signed-off-by: Sam Whited <sam@samwhited.com>

roster: support roster versioning

Though the payloads had version strings on them and a roster versioning
feature existed, it wasn't possible to fetch a roster using the roster
version so support wasn't really done. This makes it possible to
actually use roster versioning.

Signed-off-by: Sam Whited <sam@samwhited.com>

roster: add type to IQ response in test

Previously this didn't matter even though it was technically invalid,
but now we won't associate it with the response unless the type is
specified, causing the test to block.

Signed-off-by: Sam Whited <sam@samwhited.com>

all: update build tags for Go 1.17

See: https://golang.org/issues/41184

Signed-off-by: Sam Whited <sam@samwhited.com>

roster: minor code shuffling

Move some code around so that a type is right above its methods. No
biggie.

Signed-off-by: Sam Whited <sam@samwhited.com>

roster: add stream feature for versioning

Signed-off-by: Sam Whited <sam@samwhited.com>

roster: fix name of version attribute

The version attribute should actually be called "ver" per RFC 6121.

Signed-off-by: Sam Whited <sam@samwhited.com>

roster: minor test improvements

Check iterator behavior on tests where the iterator should never have
any items instead of just skipping over it.

Signed-off-by: Sam Whited <sam@samwhited.com>

session: don't return early EOF on empty iter

Previously, when requesting an iterator for an IQ result, if the IQ had no
payload an io.EOF was returned. Instead, return "success" in the form of
an empty iterator that will never iterate.

Also update some tests that would be broken by this change.

Signed-off-by: Sam Whited <sam@samwhited.com>

all: fix tests broken by upstream change

We recently reported a minor DoS vector in the encoding/xml package
which was fixed by d0b79e3513a2. This revealed issues with the iterators
in the disco and roster packages that had previously been hidden by the
bad behavior of encoding/xml.

Signed-off-by: Sam Whited <sam@samwhited.com>

roster: use new IterIQ method

Fixes #117

Signed-off-by: Sam Whited <sam@samwhited.com>

roster: fix integration tests

That's what I get for continuing to run integration tests where one of
them fails: actual important failures get missed.

Signed-off-by: Sam Whited <sam@samwhited.com>

roster: support multiple groups

Fixes #82

Signed-off-by: Sam Whited <sam@samwhited.com>

roster: cleanup old tests to use ClientServer

Signed-off-by: Sam Whited <sam@samwhited.com>

roster: add Set and Delete functions

Also add some integration tests for basic roster management.

See #70

Signed-off-by: Sam Whited <sam@samwhited.com>

roster: fix infinite loop in roster processing

Previously, due to some pointer and logic issues, we were unmarshaling the
first item over and over and never iterating through the list.
This also fixes a bug where all roster queries (even updates) would
marshal the request as a "get" IQ.

Signed-off-by: Sam Whited <sam@samwhited.com>

roster: remove workaround for encoding/xml bug

An issue existed in versions of Go prior to 1.14 that caused the decoder
to error if the underlying xml.TokenReader returned a token and io.EOF
at the same time.
Now that this is fixed in all supported versions of Go, remove our
workaround.

See https://golang.org/cl/130556

Fixes #29

Signed-off-by: Sam Whited <sam@samwhited.com>

roster: fix panic when closing errored roster iter

When requesting the roster we create an iterator. If an error occurs, we
defer reporting the error until the iterator is used and the internal
xmlstream.Iter that it holds will be nil. Unfortunately, this caused a
panic if we defer a call to iter.Close. Closing a nil iterator is a no-op
and is expected behavior, so don't report an error and don't panic in
this case.

Signed-off-by: Sam Whited <sam@samwhited.com>