I have Openfire running, and experience an issue where users can unsubscribe from another users roster while roster sharing is enabled in a group (which should not be possible). This would not be a big issue, however re-subscribing is impossible, even from the admin panel. To re-subscribe, I need to disable user roster sharing in the group settings and re-enable it. This is quite a major problem since users often don’t even realize they unsubscribed.
Steps to reproduce:
=Configuration=
Create some users, add them to a group.
Enable “Contact List (Roster) Sharing” for that group.
Verify in the admin panel that all users have subscribed to each other.
Install Blabber.im on a smartphone (Android client), log in to one of the group’s users.
=Trigger the issue=
On Blabber.im, add a chat with one of the group’s users, remove checkmarks for “Send presence updates” and “Receive presence updates” under a contact’s properties (tap the username in the top of the chat window).
Now, back in the Openfire admin panel, check the user roster. It will have subscriptions removed.
This subscription now can’t be enabled again, not from the Blabber.im client (it will report it is subscribed already), and not from the admin panel (it will throw an error). The only way to re-enable this subscription (AFAIK) is to toggle the roster sharing for the whole group.
The issue is quite severe, since users can’t see whether they unsubscribed since the client still reports it is subscribed, and if you accidentally remove subscription you can’t enable it again (as a user) since it will report to be enabled anyway.
From my point of view, the best fix to avoid this issue would be to block client-side subscription editing for users that are in the same group with roster sharing enabled. This now seems to be broken. (The admin panel error is another issue, but IMO not as severe since shared rosters should not be editable anyway.)
Thanks for reporting this. I appreciate the details in the report.
I think you’re right: Openfire isn’t behaving in a consistent manner here. I have reproduced the problems in a development build of Openfire (4.8.0-SNAPSHOT), using a Smack debugger to send raw XMPP stanzas.
Even though Openfire will reject a roster change request, it does not seem to reject a presence subscription change request. That is not very consistent. Even though the subscription state is changed, no roster update is sent out. That is probably why Babbler won’t let you resubscribe.
As for the admin console showing a stack trace when trying to manually ‘fix’ the problem: I don’t think it should even allow you to do so, when the contact is a shared contact. I’ve raised [OF-2396] - Ignite Realtime Jira for this.
Hi Bas, sorry for this. Some issues sadly drop off the radar, especially when there’s little noise around it. Thanks for bumping it up again.
As a bunch of volunteers, we’ve got limited resources, that typically get gobbled up by issues that are either visibly affecting a lot of people, for which we’re commissioned, or for which PRs are being provided by third parties. That’s not pretty, but it is how things sometimes work.
I’ve re-read what we’ve discussed earlier, and have gone through the code. I think a small code change will improve things, but I wonder if I’m right: if it’s this easy, why didn’t I do that back then? I likely had thought of the same fix, but have discarded it for reasons that have since been lost to time.
Excellent. Today’s (20-DEC-2024) nightly builds of Openfire should have the fix. You can use those to test things! Nightly builds can be downloaded here: Ignite Realtime: Openfire Nightly Builds