Does Openfire support XEP-0106?

Openfire Openfire Dev
1

I see that this XEP-0106 is on the list of supported ones, but I can also create an account with prohibited characters. - Openfire: Protocol Support

image
image711×548 20.7 KB

Such users may break the Search plugin for Spark.

SEVERE: Smack message parsing exception. Content: '</field><field xmlns='jabber:x:data' var='Username'><value>&lt;&gt;</value></field><field xmlns='jabber:x:data' var='Name'><value>1</value></field></item><item xmlns='jabber:x:data'><field var='Email'><value/></field><field var='jid'><value>test1234567@ansible.lan</value></field><field var='Username'><value>test1234567</value></field><field var='Name'><value/></field></item><item xmlns='jabber:x:data'><field var='Email'><value/></field><field var='jid'><value>test111111@ansible.lan</value></field><field var='Username'><value>test111111</value></field><field var='Name'><value/></field></item><item xmlns='jabber:x:data'><field var='Email'><value/></field><field var='jid'><value>test1234588@ansible.lan</value></field><field var='Username'><value>test1234588</value></field><field var='Name'><value/></field></item><item xmlns='jabber:x:data'><field var='Email'><value/></field><field var='jid'><value>test1@ansible.lan</value></field><field var='Username'><value>test1</value></field><field var='Name'><value/></field></item><item xmlns='jabber:x:data'><field var='Email'><value/></field><field var='jid'><value>рустам111@ansible.lan</value></field><field var='Username'><value>рустам111</value></field><field var='Name'><value/></field></item></x></query></iq>'
org.jxmpp.stringprep.XmppStringprepException: XmppStringprepException caused by '<>@ansible.lan': org.jxmpp.stringprep.XmppStringprepException: Localpart must not contain '<'
	at org.jxmpp.jid.impl.JidCreate.from(JidCreate.java:208)
	at org.jxmpp.jid.impl.JidCreate.from(JidCreate.java:189)
	at org.jxmpp.jid.impl.JidCreate.from(JidCreate.java:177)
	at org.jivesoftware.smackx.xdata.JidSingleFormField$Builder.setValue(JidSingleFormField.java:66)
	at org.jivesoftware.smackx.xdata.provider.DataFormProvider.parseField(DataFormProvider.java:285)
	at org.jivesoftware.smackx.xdata.provider.DataFormProvider.parseItem(DataFormProvider.java:376)
	at org.jivesoftware.smackx.xdata.provider.DataFormProvider.parse(DataFormProvider.java:105)
	at org.jivesoftware.smackx.xdata.provider.DataFormProvider.parse(DataFormProvider.java:61)
	at org.jivesoftware.smack.provider.Provider.parse(Provider.java:53)
	at org.jivesoftware.smack.util.PacketParserUtils.parseExtensionElement(PacketParserUtils.java:840)
	at org.jivesoftware.smack.util.PacketParserUtils.addExtensionElement(PacketParserUtils.java:928)
	at org.jivesoftware.smack.util.PacketParserUtils.addExtensionElement(PacketParserUtils.java:923)
	at org.jivesoftware.smackx.search.UserSearch$Provider.parse(UserSearch.java:145)
	at org.jivesoftware.smack.provider.IQProvider.parse(IQProvider.java:64)
	at org.jivesoftware.smack.provider.IqProvider.parse(IqProvider.java:40)
	at org.jivesoftware.smack.util.PacketParserUtils.parseIQ(PacketParserUtils.java:555)
	at org.jivesoftware.smack.util.PacketParserUtils.parseStanza(PacketParserUtils.java:113)
	at org.jivesoftware.smack.AbstractXMPPConnection.parseAndProcessStanza(AbstractXMPPConnection.java:1450)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1000(XMPPTCPConnection.java:131)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:972)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$700(XMPPTCPConnection.java:916)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:939)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.jxmpp.stringprep.XmppStringprepException: Localpart must not contain '<'
	at org.jxmpp.stringprep.simple.SimpleXmppStringprep.ensurePartDoesNotContain(SimpleXmppStringprep.java:107)
	at org.jxmpp.stringprep.simple.SimpleXmppStringprep.localprep(SimpleXmppStringprep.java:96)
	at org.jxmpp.stringprep.XmppStringPrepUtil.localprep(XmppStringPrepUtil.java:77)
	at org.jxmpp.jid.parts.Localpart.from(Localpart.java:178)
	at org.jxmpp.jid.impl.LocalAndDomainpartJid.<init>(LocalAndDomainpartJid.java:47)
	at org.jxmpp.jid.impl.JidCreate.from(JidCreate.java:136)
	at org.jxmpp.jid.impl.JidCreate.from(JidCreate.java:206)
	... 22 more

Message history will not be saved due to the fact that the operating system prohibits the creation of files with the symbols < and >

SEVERE: 
java.io.FileNotFoundException: C:\Users\Plyha\AppData\Roaming\Spark\user\<>@ansible.lan\vcards\YW9yb25qb2huc29uQGFuc2libGUubGFu (syntax error in file name, folder name, or volume label)
	at java.io.FileOutputStream.open0(Native Method)
	at java.io.FileOutputStream.open(FileOutputStream.java:270)
	at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
	at java.io.FileOutputStream.<init>(FileOutputStream.java:162)
	at org.jivesoftware.sparkimpl.profile.VCardManager.persistVCard(VCardManager.java:760)
	at org.jivesoftware.sparkimpl.profile.VCardManager.reloadVCard(VCardManager.java:512)
	at org.jivesoftware.sparkimpl.profile.VCardManager.lambda$startQueueListener$1(VCardManager.java:174)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
2

Hi @ilyaHlevnoy!

Openfire does support that XEP (but I cannot rule out a bug of course). Please note that the characters are not ‘prohibited’. You can use them, but if you do, then Openfire will escape them.

When I use the admin console to create a new user with the username <>, then this appears to succeed. If you then look at the database, you’ll see this:

Your query: SELECT username FROM ofUser;

Your response:
USERNAME
\3c\3e
admin
jane
john

Note how the username <> got escaped to \3c\3e.

You obviously have a problem, as shown by your logs. This may be Spark bug, instead of one in Openfire (there possibly is one in the Search plugin for Openfire, maybe?).