Openfire 4.2.3, Monitoring Service 1.6.0 does not check user has the right to enter the archive

I’d like to report a bug in Monitoring Service 1.6.0.

We’ve been testing MAM support of Openfire 4.2.3 and Monitoring Service 1.6.0 and found that MAM section 5.1.2 MUC Archives is currently not supported for password protected chat rooms.

According to XEP-0313 MAM, a MUC archive MUST check that the user requesting the archive has the right to enter it at the time of the query and only allow access if so.

This is currently not the case for password protected rooms. Any user can access the MAM archive without being prompted for a password.

However, section 5.1.2 MUC Archives is respected and working correctly for moderated chat rooms.

Thank you for reporting this. I’ve used your text to create an issue in our tracker: https://issues.igniterealtime.org/browse/OF-1566

Thanks Guus for the quick turn-around on PR #1102 !