-
Notifications
You must be signed in to change notification settings - Fork 365
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication race condition #101
Comments
Do you know why Strophe doesn't continue to poll when receiving message before the Your fix looks a bit like a band-aid and not as if it addresses the root problem. |
Unfortunately it looks like all of the sasl authentication phases assume only the correct message will come down the stream. That's probably ok except for the last phase where the server believes the client is authenticated but the client doesn't know that yet. My patch was a quick fix so I could move forward, I think the correct fix will take a little more work. The issue is in the _onIdle function. It begins with the following if statement:
In this particular case this._conn.authenticated == false so it doesn't push a null request. The rest of that function only polls the server if this._requests.length > 0. So at this point the client will never make another request to the server and never see the final authentication message. I think the other issue is that the authentication code will never see the regular message so it doesn't even know a message came in that should be ignored and the server be polled again for more messages. |
Authentication hangs while attempting to login to openfire 3.9.3 when the client is sent chat messages 3 times per second. Logins would fail about 2 out of 3 attempts. It appears strophe gets confused when the server sends a regular message before strophe receives the final _session_auth_2 iq message. From the server perspective the client is authenticated so it is ok to send the regular message. Strophe does not keep polling for new messages, so it gets the regular message but never polls a second time to get the pending _session_auth_2 iq which is needed to complete the authentication.
You can see in the following failed login example that at line 67 the regular message comes in and strophe stops polling for any new messages.
Good login:
Failed login:
I added a system timed handler to bump the polling logic when it stops in this state. Probably not the best solution but it works for me right now.
The text was updated successfully, but these errors were encountered: