powered by Jive Software

OpenFire still provides entry forms for already-registered room users

If a user is already registered to the room, OpenFire will still bring up a registration form for that user, if the user sends a registration request. This can result in immediate demotions for a room (after the registration request has been submitted), including removing the room owner.

Here’s the room join dialog (note the bold):

(18:23:51) jabber: Sending (ssl) (bbyrd@foobar.com/spark): 1<x xmlns='http://jabber.org/protocol/muc’/>

(18:23:51) jabber: Recv (ssl)(415): 1

(18:23:51) jabber: Sending (ssl) (bbyrd@foobar.com/spark): <query xmlns=‘http://jabber.org/protocol/disco#info’ node='http://jabber.org/protocol/muc#traffic’/>

(18:23:51) jabber: Recv (ssl)(377): 1

(18:23:51) jabber: Recv (ssl)(221): This room is not anonymous.

(18:23:51) jabber: Recv (ssl)(317):

And here’s the registration request:

(18:27:56) jabber: Sending (ssl) (bbyrd@foobar.com/spark):

(18:27:56) jabber: Recv (ssl)(972): Registration with the roomPlease provide the following information to register with this room.http://jabber.org/protocol/muc#registerbbyrd

This breaks XMPP protocol standards here: http://xmpp.org/extensions/xep-0045.html#register

If the user requesting registration requirements is not allowed to register with the room (e.g., because that privilege has been restricted), the room MUST return a error to the user. If the user is already registered, the room MUST reply with an IQ stanza of type “result” that contains an empty element as described in XEP-0077. If the room does not exist, the service MUST return an error.

OF-474