Hello Openfire development:
There seems to be a bug in Openfire (v3.7.1) when processing affiliation/role change. When a room administrator sends the following IQ affiliation/role change stanza, with multiple items, the server returns a BAD_REQUEST 400 response.
<query xmlns='jabber.org/protocol/muc#admin''> <item jid='user@mydomain/myresource' affiliation='none'/> <item nick='mynick' role='participant'> <query/>
The code which causes this to happen is on line 213 in IQAdminHandler class’s handleItemsElement method:
boolean hasAffiliation = ((Element) itemsList.get(0)).attributeValue(“affiliation”) != null;
The handleItemsElement method loops through each item and checks for role affiliation changes, but the code only checks the first item for an affiliation attribute (above) and in turn falsely reports that the second item has an affiliation (hasAffiliation == true) causing a 400 response.
If the hasAffiliation assignment is moved inside the loop to line 223 and changed to below the error is fixed:
boolean hasAffiliation = item.attributeValue(“affiliation”) != null;