I have detected two different bugs that occur after a user tries to de-register.
According to XEP-0077, the server SHOULD return a <not-authorized/> stream error. Openfire does not.
This is easily fixed by adding a few lines like these to IQRegisterHandler#handleIQ() (insert them just before the existing line ‘‘session.getConnection().close();’’):
... // Close the user''s connection
final StreamError error = new StreamError(StreamError.Condition.not_authorized);
session.getConnection().deliverRawText(error.toXML());
session.getConnection().close(); ...
The second bug is that de-registration does not explicitly close connections from the same user, on other resources. Instead of just closing the session that received the de-registration request, the server should close all sessions.
Combined with the fix for the previous bug, the code could be modified to look something like this:
... // Close the user''s connections
final StreamError error = new StreamError(StreamError.Condition.not_authorized);
for (ClientSession sess : sessionManager.getSessions(user.getUsername()) )
{
sess.getConnection().deliverRawText(error.toXML());
sess.getConnection().close();
} ...
I’'ve added a JUnit 3.8 Testcase that includes tests that check for the desired behavior. The testcase requires Smack.