Commit 1cb9581
committed
Support SASL2 FAST authentication
FAST is a cookie-style authentication method that
lets clients store and auth with an unguesseable token.
It enables clients to forget the user's full password,
which is especially important for web-based clients,
that are prone to data leaks. Leaked tokens can be
invalidated.
- https://xmpp.org/extensions/xep-0484.html
- https://xmpp.org/extensions/xep-0388.html
Intended to fix conversejs/converse.js#3144
Some aside changes I needed for this:
- I let handlers listen to the *opening* stanza
- Set 'from' on the opening <stream> tag. (ref: https://github.com/xmppjs/xmpp.js/pull/1006/files#r1893267922)
- Create a type of handler that can search *nested data*.
This made setting up listeners a lot more convenient.
- During connection, replace has_features with
the direct XML <stream:features>
more direct and defensive.
- Moved Status.AUTHENTICATING before FAST/SASL
Still TODO:
- support the other HT- methods from the spec
- rewrite the SASL code into sasl.js to look like sasl2.js ?
- allow fallback from SASL2 to SASL (currently
assumes only ONE login method will be tried per
connect(), which could block login if one is failing)
- pull SASL2 into sasl2.js and make it a plugin
- Disentangle the circular dependency between
index.js loading sasl2.js/sasl2_fast.js but them needing to talk to Strophe
- Invalidate token on logout
(and in the corresponding Converse.js branch,
actually forget the token on logout)1 parent 4b1b33b commit 1cb9581
12 files changed
Lines changed: 808 additions & 167 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
146 | 146 | | |
147 | 147 | | |
148 | 148 | | |
| 149 | + | |
149 | 150 | | |
150 | 151 | | |
151 | 152 | | |
| |||
424 | 425 | | |
425 | 426 | | |
426 | 427 | | |
427 | | - | |
| 428 | + | |
428 | 429 | | |
429 | 430 | | |
430 | 431 | | |
| |||
451 | 452 | | |
452 | 453 | | |
453 | 454 | | |
| 455 | + | |
454 | 456 | | |
455 | 457 | | |
456 | 458 | | |
457 | 459 | | |
458 | 460 | | |
459 | | - | |
| 461 | + | |
460 | 462 | | |
461 | 463 | | |
462 | 464 | | |
| |||
482 | 484 | | |
483 | 485 | | |
484 | 486 | | |
485 | | - | |
486 | | - | |
487 | | - | |
488 | | - | |
| 487 | + | |
| 488 | + | |
| 489 | + | |
| 490 | + | |
489 | 491 | | |
490 | 492 | | |
491 | 493 | | |
| |||
627 | 629 | | |
628 | 630 | | |
629 | 631 | | |
630 | | - | |
| 632 | + | |
631 | 633 | | |
632 | 634 | | |
633 | 635 | | |
| |||
694 | 696 | | |
695 | 697 | | |
696 | 698 | | |
697 | | - | |
698 | | - | |
699 | | - | |
| 699 | + | |
| 700 | + | |
| 701 | + | |
700 | 702 | | |
701 | 703 | | |
702 | 704 | | |
| |||
714 | 716 | | |
715 | 717 | | |
716 | 718 | | |
717 | | - | |
| 719 | + | |
718 | 720 | | |
719 | 721 | | |
720 | 722 | | |
| |||
0 commit comments