Commit 0d0c7fe
Support SASL2 FAST authentication
FAST is a cookie-style authentication method that
lets clients store and auth with an unguessable token.
It enables clients to forget the user's full password,
which is especially important for web-based clients,
that are prone to data leaks. Leaked tokens can be
invalidated.
- https://xmpp.org/extensions/xep-0484.html
- https://xmpp.org/extensions/xep-0388.html
Intended to fix conversejs/converse.js#3144

Some aside changes I needed for this:
- I let handlers listen to the *opening* stanza
- Set 'from' on the opening <stream> tag. (ref: https://github.com/xmppjs/xmpp.js/pull/1006/files#r1893267922)
- Create a type of handler that can search *nested data*.
  This made setting up listeners a lot more convenient.
- During connection, replace has_features with
  the direct XML <stream:features>
  more direct and defensive.
- Moved Status.AUTHENTICATING before FAST/SASL

Still TODO:
- support the other HT- methods from the spec
- rewrite the SASL code into sasl.js to look like sasl2.js ?
- allow fallback from SASL2 to SASL (currently
  assumes only ONE login method will be tried per
  connect(), which could block login if one is failing)
- pull SASL2 into sasl2.js and make it a plugin
- Disentangle the circular dependency between
  index.js loading sasl2.js/sasl2_fast.js but them needing to talk to Strophe
- Invalidate token on logout
  (and in the corresponding Converse.js branch,
actually forget the token on logout)

1 parent 4b1b33b commit 0d0c7fe
12 files changed
Lines changed: 771 additions & 142 deletions