BUG: POP3AuthProvider

A serious bug in POP3AuthProvider prevents authentication without specifying a full JID as username.

Code starting at line 120:

    if (username.contains("@")) {
        // Check that the specified domain matches the server’s domain
        int index = username.indexOf("@");
        String domain = username.substring(index + 1);
        if (domain.equals(XMPPServer.getInstance().getServerInfo().getName())) {
            username = username.substring(0, index);
        }
    } else {
        // Unknown domain. Return authentication failed.
        throw new UnauthorizedException();
    }

This else clause is attached to the wrong if! The code should look like:

    if (username.contains("@")) {
        // Check that the specified domain matches the server’s domain
        int index = username.indexOf("@");
        String domain = username.substring(index + 1);
        if (domain.equals(XMPPServer.getInstance().getServerInfo().getName())) {
            username = username.substring(0, index);
        } else {
            // Unknown domain. Return authentication failed.
            throw new UnauthorizedException();
        }
    }

POP3AuthProvider should be configurable whether to use a random string or the POP password of the user when creating a user in the Openfire database.

Attached is a diff extending this functionality, solving the bug described above and adding some useful commentary on POP3UserProvider in the documentation section.

Uploading the attachment failed without error :confused: so I’m pasting the diff here:

42a43,45

*The POP3UserProvider will prevent changing email adresses of users. Else it will behave excatly

*like the DefaultUserProvider.

63a67,68

    •  <li>pop3.randomUserPassword -- if true a random String will be used as password when creating
      
  • a User, else the given password will be used. Default value is true.

76a82

private boolean randomUserPassword = true;

88a95,96

randomUserPassword = Boolean.valueOf(JiveGlobals.getXMLProperty(“pop3.randomUserPassword”));
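
Review bot: The assignment from Boolean.valueOf(JiveGlobals.getXMLProperty(...)) overrides the "= true" initializer added in hunk 76a82 every time it runs. Boolean.valueOf returns false for null and for any string other than "true", so if getXMLProperty returns null for an unset property, the effective default becomes false. That contradicts the documented "Default value is true" in hunk 63a67,68 and means an unconfigured server would create users with the supplied POP password rather than a random one. Suggest reading the property into a local String and assigning only when it is non-null. The hunk header says two lines were added but only one is visible here, so such a guard may already sit on the missing line.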

108a117

Log.debug("\t randomUserPassword: " + randomUserPassword);

126,127c135

< }

< } else {


}else {

129,130c137,138

< throw new UnauthorizedException();

< }


throw new UnauthorizedException();}

}

192c200,201

< // Create user; use a random password for better safety in the future.


if (randomUserPassword){

// Create user; use a random password for better safety in the future.

194,196c203,209

< // provider is read-only, UserManager will usually deny access to createUser.

< UserManager.getUserProvider().createUser(username, StringUtils.randomString(8),

< null, email);


// provider is read-only, UserManager will usually deny access to createUser.

UserManager.getUserProvider().createUser(username, StringUtils.randomString(8),

null, email);

}

else{

UserManager.getUserProvider().createUser(username, password, null, email);

}
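
Review bot: In the new else branch, createUser(username, password, null, email) copies the user's POP3 password into the Openfire user store, which is what the retained comment "use a random password for better safety in the future" was written to avoid. The pop3.randomUserPassword documentation added in hunk 63a67,68 should state that trade-off so an administrator setting it to false knows the mail password ends up in a second place. Style: the branch is written as "}" followed by "else{" on a separate line; use "} else {" on one line, as in the rest of the method.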

Nobody out there interested in fixing bugs?
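
A side-by-side check of the two username-handling blocks quoted in the first post, as an added example that is not part of the original posts or of Openfire's code. SERVER_DOMAIN and the local UnauthorizedException are stand-ins (assumptions) for XMPPServer.getInstance().getServerInfo().getName() and Openfire's exception class, and the sample usernames are constructed.

```java
import java.util.function.UnaryOperator;

public class Pop3UsernameCheck {
    // Constructed stand-in for XMPPServer.getInstance().getServerInfo().getName()
    static final String SERVER_DOMAIN = "example.org";

    // Local stand-in for Openfire's UnauthorizedException (unchecked for brevity)
    static class UnauthorizedException extends RuntimeException {}

    // Logic as reported: the else is attached to the outer if
    static String normalizeBuggy(String username) {
        if (username.contains("@")) {
            int index = username.indexOf("@");
            String domain = username.substring(index + 1);
            if (domain.equals(SERVER_DOMAIN)) {
                username = username.substring(0, index);
            }
        } else {
            throw new UnauthorizedException();
        }
        return username;
    }

    // Logic as proposed in the post: the else is attached to the domain check
    static String normalizeFixed(String username) {
        if (username.contains("@")) {
            int index = username.indexOf("@");
            String domain = username.substring(index + 1);
            if (domain.equals(SERVER_DOMAIN)) {
                username = username.substring(0, index);
            } else {
                throw new UnauthorizedException();
            }
        }
        return username;
    }

    // Runs one variant and reports either the resulting username or a rejection
    static String outcome(UnaryOperator<String> f, String input) {
        try { return f.apply(input); }
        catch (UnauthorizedException e) { return "REJECTED"; }
    }

    public static void main(String[] args) {
        // Constructed inputs: bare name, local-domain JID, foreign-domain JID
        String[] inputs = {"alice", "alice@example.org", "alice@other.test"};
        for (String in : inputs) {
            System.out.printf("%-20s buggy=%-18s fixed=%s%n", in,
                outcome(Pop3UsernameCheck::normalizeBuggy, in),
                outcome(Pop3UsernameCheck::normalizeFixed, in));
        }
    }
}
```

The third input is the case the bug report does not spell out: the original block rejects the bare name but lets a foreign-domain JID through unchanged, while the corrected block does the opposite on both.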