Authentication failure by websocket and BOSH with converse.js #4142
Comments
Browser console log for Converse debug mode? |
I can reproduce using
when using master branch:
Using git bisect, it seems the commit that introduced the problem is one of b556fae b5ce53c
How to reproduce:
Apply this configuration change:
diff --git a/ejabberd.yml.example b/ejabberd.yml.example
index df52c85be..a2484b190 100644
--- a/ejabberd.yml.example
+++ b/ejabberd.yml.example
@@ -66,6 +66,8 @@ listen:
request_handlers:
/admin: ejabberd_web_admin
/.well-known/acme-challenge: ejabberd_acme
+ /conversejs: mod_conversejs
+ /ws: ejabberd_http_ws
-
port: 3478
ip: "::"
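Review bot: in the `request_handlers` hunk only `/ws: ejabberd_http_ws` is added next to `/conversejs`, so this reproduction exercises the websocket path alone; the issue title also reports BOSH, and covering that needs a `/bosh: mod_bosh` handler on the same listener. The login URL in the steps is plain http://localhost:5280, which is fine for a local bisect but means the SASL exchange in this setup is not carried over TLS.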
@@ -155,6 +157,7 @@ shaper_rules:
s2s_shaper: fast
modules:
+ mod_conversejs: {}
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
Compile ejabberd:
./autogen.sh
./configure --with-rebar=`which rebar3`
make
make relive
then in another window register an account
Finally, go to the Conversations page and try to login: http://localhost:5280/conversejs/ |
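Review bot: in the `modules` hunk, `mod_conversejs: {}` leaves every module option at its default, so the steps do not record which Converse.js build the page loads or which websocket URL it is told to use; setting those options explicitly would make the bisect result easier for others to reproduce. The entry is also placed ahead of `mod_adhoc`, out of the alphabetical order the surrounding context lines follow.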
@badlop: Attention, it is converse.js not Conversations. |
This looks like an issue with the xmpp lib used here; it seems that it doesn't like the d= attribute in the sasl payload that the downgrade protection commits add, and that makes it return base64 encoded "false" in response to the sasl challenge. Will probably need to add an option to at least disable offering those. |
Looks like it's from this: https://github.com/strophe/strophejs/blob/master/src/scram.js#L52 |
I created a pull request in strophejs that fixes this: strophe/strophejs#698 |
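The failure described in the comments above (an extra d= attribute in the SCRAM challenge ending in a base64 "false" reply), as an added example that is not strophe.js, Converse.js or ejabberd code: a constructed strict parser beside a tolerant one that follows RFC 5802's rule of ignoring unknown optional attributes while still failing on m=. The function names, the sample challenge and the placement of d= after i= are assumptions.

```javascript
// Added example; sample values are constructed, not taken from a real session.
const CLIENT_NONCE = 'abc123XYZ';
const CHALLENGE = 'r=abc123XYZsrvNONCE,s=c2FsdA==,i=4096,d=Y29uc3RydWN0ZWQ=';

// Failure mode: any attribute other than r/s/i is treated as an error,
// so an optional extra such as d= makes the whole parse return false.
function parseStrict(msg) {
  const out = {};
  for (const part of msg.split(',')) {
    const m = /^([A-Za-z])=(.*)$/.exec(part);
    if (!m) return false;
    if (m[1] === 'r') out.nonce = m[2];
    else if (m[1] === 's') out.salt = m[2];
    else if (m[1] === 'i') out.iter = parseInt(m[2], 10);
    else return false;
  }
  return out;
}

// Tolerant form (RFC 5802): keep r, s, i; fail on the mandatory-extension
// marker m=; carry any other unknown attribute along instead of rejecting it.
function parseTolerant(msg, clientNonce) {
  const out = { extensions: {} };
  for (const part of msg.split(',')) {
    const m = /^([A-Za-z])=(.*)$/.exec(part);
    if (!m) return false;
    const [, key, value] = m;
    if (key === 'm') return false;
    if (key === 'r') out.nonce = value;
    else if (key === 's') out.salt = value;
    else if (key === 'i') out.iter = parseInt(value, 10);
    else out.extensions[key] = value; // e.g. d=, available for later checks
  }
  // All three required fields must be present and sane.
  if (!out.nonce || !out.salt || !Number.isInteger(out.iter) || out.iter < 1) return false;
  // The server nonce must extend the nonce the client sent.
  if (!out.nonce.startsWith(clientNonce) || out.nonce === clientNonce) return false;
  return out;
}

// What ends up on the wire when a false parse result is encoded unchecked:
// the string "false" in base64, the symptom reported in this issue.
function encodeUnchecked(result) {
  return Buffer.from(String(result)).toString('base64');
}
```

A client response of `ZmFsc2U=` in a server-side SASL trace is therefore a quick indicator that the client rejected the challenge while parsing it, not that the password was wrong.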
That PR in the client library is great for the long-term :) But looking at strophe and converse.js git repositories activity, that may take a while. In the short term, existing Converse.js clients will not work with the next ejabberd release until the client is fixed. Just in case the next ejabberd release gets published before a fix is ready in that client: is there anything admins with newer ejabberd can do to get old buggy Converse.js working? |
Temporarily, locate the following text in converse.min.js: Delete the text “default:”, leaving it as follows: It works for me now without problems |
I will introduce an option to disable this, probably even two options to configure sasl and sasl2 separately; we can probably enable it for sasl2 by default and disable it for sasl (but as mitm downgrade protection, separating those two doesn't make that much sense, since a mitm box could just downgrade to old sasl then, so maybe it's not worth doing this separately for both?) |
@crasoanirina: Is it possible to rename the title of this issue? |
Commit 29ec5bf adds option
Should we add that at least temporarily to the default config, or just add a mention of it to the release notes? I guess we could add it to the next release, at least until patched clients are available; what do you think? |
Adding to default config will be a disadvantage to new installations in the long run, and provide no relief to existing installations, so that doesn't seem like a great idea |
Currently, no new ConverseJS version with the StropheJS fix... |
ejabberd version: 23.10.38
When upgrading ejabberd 23.10 to ejabberd 23.10.38, converse.js web client authentication fails.
Before the update it worked correctly.
ejabberd.log