Blather does not authenticate existing user

[distler]

Here's a simple blather script which sends a message to a user:

#!/usr/local/bin/ruby
require 'blather/client'

c = setup '[email protected]', 'XXXXXX'
when_ready do
  write_to_stream Blather::Stanza::Message.new("[email protected]", "Spoons!")
  c.close
end

As I understand the documentation, Blather should first attempt to authenticate as the user 'my_user' and then, if authentication fails, it should attempt to use in-band registration to register 'my_user' as a new user.

With ejabberd 15.09, that's not what happens:

...
D, [2015-10-23T17:05:20.529019 #59219] DEBUG -- : RECEIVING (stream) 
<stream:stream xmlns:stream="http://etherx.jabber.org/streams" id="3314227897" from="myhost.com" version="1.0" lang="en"/>
D, [2015-10-23T17:05:20.529454 #59219] DEBUG -- : RECEIVING (features) 
<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="http://www.process-one.net/en/ejabberd/" ver="rBEUwDwH04kFUO/cy54wsfBQW4A="/>
  <register xmlns="http://jabber.org/features/iq-register"/>
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>PLAIN</mechanism>
    <mechanism>DIGEST-MD5</mechanism>
    <mechanism>X-OAUTH2</mechanism>
    <mechanism>SCRAM-SHA-1</mechanism>
  </mechanisms>
</stream:features>
D, [2015-10-23T17:05:20.530168 #59219] DEBUG -- : SENDING: (/usr/local/lib/ruby/gems/2.1.0/gems/blather-1.1.4/lib/blather/stream/features/register.rb:22:in `receive_data') 
<iq type="set" id="blather0002">
  <query xmlns="jabber:iq:register">
    <username>my_user</username>
    <password>XXXXXX</password>
  </query>
</iq>
D, [2015-10-23T17:05:20.605633 #59219] DEBUG -- : RECEIVING (iq) 
<iq from="myhost.com" id="blather0002" type="error">
  <query xmlns="jabber:iq:register">
    <username>my_user</username>
    <password>XXXXXX</password>
  </query>
  <error code="403" type="auth">
    <forbidden xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>
  </error>
</iq>
D, [2015-10-23T17:05:20.606274 #59219] DEBUG -- : SENDING: (/usr/local/lib/ruby/gems/2.1.0/gems/blather-1.1.4/lib/blather/stream.rb:248:in `stop') 
</stream:stream>
D, [2015-10-23T17:05:20.607104 #59219] DEBUG -- : RECEIVING (end) 
<stream:end xmlns:stream="http://etherx.jabber.org/streams"/>

Note: here, the 403 is because in-band registration is disabled for remote clients. On localhost, where in-band registration is permitted, one gets instead

D, [2015-10-24T12:24:33.845268 #9832] DEBUG -- : RECEIVING (iq) <iq from="localhost" id="blather0002" type="error">
  <query xmlns="jabber:iq:register">
    <username>my_user</username>
    <password>XXXXXX</password>
  </query>
  <error code="409" type="cancel">
    <conflict xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>
  </error>
</iq>

because the user 'my_user' already exists.

[benlangfeld]

Before I dive in, do #106 #114 help with this at all? Also, does any older version of ejabberd work?

[distler]

If I understand correctly, #106 suggests disabling in-band registration server-side. That changes the 409 error to a 403 everywhere. #114 suggests downgrading from blather 0.8.5 to 0.8.4. Dunno about those old versions, but the problem exists with both blather 1.0.0 and 1.1.4.

As to different versions of ejabberd, I believe this problem first arose upon upgrading ejabberd. I'm not sure which version it broke with: it definitely worked in ejabberd 14.07, and definitely not with 15.09 or 15.07. So somewhere in between ... (14.12, 15.02, 15.03, 15.04 or 15.06).

[benlangfeld]

Since the only way to be sure why this is happening is to figure out which version broke it, and that that may take a while, I'd ask that you do that and let us know as accurately as you can what changed. Working logs for comparison would also help.

[distler]

Disabling (entirely) mod_register in ejabberd did the trick.

[distler]

And, since you asked for a working log, with mod_register disabled, the previous (failing) dialogue is replaced by the working:

...
D, [2015-10-25T11:20:16.652465 #58883] DEBUG -- : RECEIVING (stream)
<stream:stream xmlns:stream="http://etherx.org/streams" id="1688674457" from="my_host.com" version="1.0" lang="en"/>
D, [2015-10-25T11:20:16.652938 #58883] DEBUG -- : RECEIVING (features)
<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="http://www.process-one.net/en/ejabberd/" ver="hDdRD9MBiSJYI7jJFK+03IZdSJo="/>
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>PLAIN</mechanism>
    <mechanism>DIGEST-MD5</mechanism>
    <mechanism>X-OAUTH2</mechanism>
    <mechanism>SCRAM-SHA-1</mechanism>
  </mechanisms>
</stream:features>
D, [2015-10-25T11:20:16.653432 #58883] DEBUG -- : SENDING: (/usr/local/lib/ruby/gems/2.1.0/gems/blather-1.1.4/lib/blather/stream/features/sasl.rb:102:in `authenticate')
<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="DIGEST-MD5"/>
D, [2015-10-25T11:20:16.730856 #58883] DEBUG -- : RECEIVING (challenge)
<challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">XXXXX=</challenge>
D, [2015-10-25T11:20:16.731165 #58883] DEBUG -- : CHALLENGE DECODE: {"nonce"=>"XXXX", "qop"=>"auth", "charset"=>"utf-8", "algorithm"=>"md5-sess"}
D, [2015-10-25T11:20:16.731420 #58883] DEBUG -- : CHALLENGE RESPONSE: {:nonce=>"\"XXXXX\"", :charset=>"utf-8", :username=>"\"my_user\"", :realm=>"\"my_host.com\"", :cnonce=>"\"XXXXXXXXX\"", :nc=>"00000001", :qop=>"auth", :"digest-uri"=>"\"xmpp/my_host.com\"", :response=>"XXXXXX"}
D, [2015-10-25T11:20:16.731493 #58883] DEBUG -- : CH RESP TXT: nonce="1784290425",charset=utf-8,username="my_user",realm="my_host.com",cnonce="XXXXXX",nc=00000001,qop=auth,digest-uri="xmpp/my_host.com",response=XXXXXXXX
D, [2015-10-25T11:20:16.731728 #58883] DEBUG -- : SENDING: (/usr/local/lib/ruby/gems/2.1.0/gems/blather-1.1.4/lib/blather/stream/features/sasl.rb:168:in `respond')
<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">XXXXXXXXX</response>
D, [2015-10-25T11:20:16.732935 #58883] DEBUG -- : RECEIVING (challenge)
<challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">XXXXXXXX==</challenge>
D, [2015-10-25T11:20:16.733096 #58883] DEBUG -- : CHALLENGE DECODE: {"rspauth"=>"XXXXXXXX"}
D, [2015-10-25T11:20:16.733279 #58883] DEBUG -- : SENDING: (/usr/local/lib/ruby/gems/2.1.0/gems/blather-1.1.4/lib/blather/stream/features/sasl.rb:168:in `respond')
<response xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>
D, [2015-10-25T11:20:16.963775 #58883] DEBUG -- : RECEIVING (success)
<success xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>
D, [2015-10-25T11:20:16.964024 #58883] DEBUG -- : SENDING: (/usr/local/lib/ruby/gems/2.1.0/gems/blather-1.1.4/lib/blather/stream/client.rb:12:in `start')
<stream:stream to='my_host.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
D, [2015-10-25T11:20:17.016610 #58883] DEBUG -- : RECEIVING (stream)
<stream:stream xmlns:stream="http://etherx.jabber.org/streams" id="532141347" from="my_host.com" version="1.0" lang="en"/>
D, [2015-10-25T11:20:17.016957 #58883] DEBUG -- : RECEIVING (features)
<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="http://www.process-one.net/en/ejabberd/" ver="hDdRD9MBiSJYI7jJFK+03IZdSJo="/>
  <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/>
  <session xmlns="urn:ietf:params:xml:ns:xmpp-session"/>
  <sm xmlns="urn:xmpp:sm:2"/>
  <sm xmlns="urn:xmpp:sm:3"/>
  <csi xmlns="urn:xmpp:csi:0"/>
</stream:features>
D, [2015-10-25T11:20:17.017483 #58883] DEBUG -- : SENDING: (/usr/local/lib/ruby/gems/2.1.0/gems/blather-1.1.4/lib/blather/stream/features/resource.rb:39:in `bind')
<iq type="set" id="blather0002">
  <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/>
</iq>
D, [2015-10-25T11:20:17.153549 #58883] DEBUG -- : RECEIVING (iq)
<iq id="blather0002" type="result">
  <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">
    <jid>my_user@my_host.com/3568922531445790017153082</jid>
  </bind>
</iq>
D, [2015-10-25T11:20:17.153832 #58883] DEBUG -- : USING JID: my_user@my_host.com/3568922531445790017153082
D, [2015-10-25T11:20:17.154075 #58883] DEBUG -- : SENDING: (/usr/local/lib/ruby/gems/2.1.0/gems/blather-1.1.4/lib/blather/stream/features/session.rb:40:in `session')
<iq type="set" id="blather0004" to="my_host.com">
  <session xmlns="urn:ietf:params:xml:ns:xmpp-session"/>
</iq>
D, [2015-10-25T11:20:17.154677 #58883] DEBUG -- : RECEIVING (iq)
<iq type="result" from="my_host.com" id="blather0004"/>
D, [2015-10-25T11:20:17.155930 #58883] DEBUG -- : SENDING: (/usr/local/lib/ruby/gems/2.1.0/gems/blather-1.1.4/lib/blather/client/client.rb:153:in `write')
<iq type="get" id="blather0006">
  <query xmlns="jabber:iq:roster"/>
</iq>
...

[benlangfeld]

If you have a working log with mod_register enabled on an older version of ejabberd, I'd love to see that also.

[distler]

Sorry, but that won't be particularly easy.

Still, it's clear what's going on:

• When ejabberd includes a <register xmlns="http://jabber.org/features/iq-register"/> among its features, blather responds with a <query xmlns="jabber:iq:register"> request.
• When ejabberd does not include that line, blather responds with an <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="DIGEST-MD5"/> request.

I think blather ought to try an <auth ... /> request, first, no?

[benlangfeld]

Yes, it should. Do you fancy submitting a failing spec to show the issue?

[uranio-235]

the same problem with prosody here, I'm unable to disable registre module