changeset 801:68eadda8a59a

server_side: fixed confusion between jid user and host when there's not arobase
author souliane <souliane@mailoo.org>
date Wed, 09 Dec 2015 11:19:41 +0100
parents 4caf2caa898a
children 8faaaa6ec7ca
files src/server/server.py
diffstat 1 files changed, 16 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/src/server/server.py	Wed Dec 09 03:11:05 2015 +0100
+++ b/src/server/server.py	Wed Dec 09 11:19:41 2015 +0100
@@ -819,19 +819,26 @@
             request.finish()
             return
 
-        # redirect "user@libervia.org" to the "user" profile
-        if login_jid.host == new_account_domain:
-            login = login_jid.user
+        # XXX: if there's no arobase in the JID, its host part is filled and the SàT profile name
+        # is there ; we need to look in the JID's user part to know if there's an arobase or not.
+
+        if login_jid.user and login_jid.host == new_account_domain:
+            # redirect "user@libervia.org" to the "user" profile
+            login_jid = jid.JID(login_jid.user)
 
         try:
-            profile = self.sat_host.bridge.getProfileName(login)
+            profile = self.sat_host.bridge.getProfileName(login_jid.full())
         except Exception:  # XXX: ProfileUnknownError wouldn't work, it's encapsulated
-            # try to create a new sat profile using the XMPP credentials
-            profile = login
-            connect_method = "asyncConnectWithXMPPCredentials"
-            register_with_ext_jid = True
+            if login_jid.user:  # try to create a new sat profile using the XMPP credentials
+                profile = login_jid.full()
+                connect_method = "asyncConnectWithXMPPCredentials"
+                register_with_ext_jid = True
+            else: # non existing username
+                request.write(C.PROFILE_AUTH_ERROR)
+                request.finish()
+                return
         else:
-            if profile != login or (not password and profile not in self.sat_host.empty_password_allowed_warning_dangerous_list):
+            if profile != login_jid.full() or (not password and profile not in self.sat_host.empty_password_allowed_warning_dangerous_list):
                 # profiles with empty passwords are restricted to local frontends
                 request.write(C.PROFILE_AUTH_ERROR)
                 request.finish()