slixmpp/sleekxmpp/plugins/xep_0078/legacyauth.py
Lance Stout 75f23d1130 Fix XEP-0078 using the new stream feature workflow.
Honestly, this is mainly just a demo/proof of concept that we
can handle dependencies and ordering issues with stream features.

DON'T use XEP-0078 if you are able to use the normal SASL method,
which should be the case unless you are dealing with a very old
XMPP server implementation.
2011-08-06 12:30:56 -07:00

108 lines
3.5 KiB
Python

"""
SleekXMPP: The Sleek XMPP Library
Copyright (C) 2011 Nathanael C. Fritz
This file is part of SleekXMPP.
See the file LICENSE for copying permission.
"""
import logging
import hashlib
import random
from sleekxmpp.stanza import Iq, StreamFeatures
from sleekxmpp.xmlstream import ElementBase, ET, register_stanza_plugin
from sleekxmpp.plugins.base import base_plugin
from sleekxmpp.plugins.xep_0078 import stanza
log = logging.getLogger(__name__)
class xep_0078(base_plugin):
"""
XEP-0078 NON-SASL Authentication
This XEP is OBSOLETE in favor of using SASL, so DO NOT use this plugin
unless you are forced to use an old XMPP server implementation.
"""
def plugin_init(self):
self.xep = "0078"
self.description = "Non-SASL Authentication"
self.stanza = stanza
self.xmpp.register_feature('auth',
self._handle_auth,
restart=False,
order=self.config.get('order', 15))
register_stanza_plugin(Iq, stanza.IqAuth)
register_stanza_plugin(StreamFeatures, stanza.AuthFeature)
def _handle_auth(self, features):
# If we can or have already authenticated with SASL, do nothing.
if 'mechanisms' in features['features']:
return False
if self.xmpp.authenticated:
return False
log.debug("Starting jabber:iq:auth Authentication")
# Step 1: Request the auth form
iq = self.xmpp.Iq()
iq['type'] = 'get'
iq['to'] = self.xmpp.boundjid.host
iq['auth']['username'] = self.xmpp.boundjid.user
resp = iq.send(now=True)
if resp is None or resp['type'] != 'result':
log.info("Authentication failed: %s" % resp['error']['condition'])
self.xmpp.event('failed_auth', resp, direct=True)
self.xmpp.disconnect()
return True
# Step 2: Fill out auth form for either password or digest auth
iq = self.xmpp.Iq()
iq['type'] = 'set'
iq['auth']['username'] = self.xmpp.boundjid.user
# A resource is required, so create a random one if necessary
if self.xmpp.boundjid.resource:
iq['auth']['resource'] = self.xmpp.boundjid.resource
else:
iq['auth']['resource'] = '%s' % random.random()
if 'digest' in resp['auth']['fields']:
log.debug('Authenticating via jabber:iq:auth Digest')
if sys.version_info < (3, 0):
stream_id = bytes(self.xmpp.stream_id)
password = bytes(self.xmpp.password)
else:
stream_id = bytes(self.xmpp.stream_id, encoding='utf-8')
password = bytes(self.xmpp.password, encoding='utf-8')
digest = hashlib.sha1(b'%s%s' % (stream_id, password)).hexdigest()
iq['auth']['digest'] = digest
else:
log.warning('Authenticating via jabber:iq:auth Plain.')
iq['auth']['password'] = self.xmpp.password
# Step 3: Send credentials
result = iq.send(now=True)
if result is not None and result.attrib['type'] == 'result':
self.xmpp.features.add('auth')
self.xmpp.authenticated = True
log.debug("Established Session")
self.xmpp.sessionstarted = True
self.xmpp.session_started_event.set()
self.xmpp.event('session_start')
else:
log.info("Authentication failed")
self.xmpp.disconnect()
self.xmpp.event("failed_auth")
return True