Fixes #1550

Legitimate carbons messages blocked due to erroneous forgery check

Fixes #1550
Legitimate carbons messages blocked due to erroneous forgery check
52ea8d5a · JC Brand · eec51f9d · 52ea8d5a · 52ea8d5a · 52ea8d5a
Commit 52ea8d5a authored May 03, 2019 by JC Brand
5 changed files
--- a/CHANGES.md
+++ b/CHANGES.md
 # Changelog
-### Rooms Api document change
-  number of parameters in the documentation was made 2 from 3 as api which is used to open a room with default configuration has only 2 parameters
+
 ## 5.0.0 (Unreleased)

 - Bugfix: Don't set `muc_domain` for roomspanel if `locked_muc_domain` is `true`.
@@ -13,6 +12,7 @@
 - Continuously retry (in 2s intervals) to fetch login credentials (via [credentials_url](https://conversejs.org/docs/html/configuration.html#credentials-url)) in case of failure
 - #1296: `embedded` view mode shows `chatbox-navback` arrow in header
 - #1532: Converse reloads on enter pressed in the filter box
+- #1550: Legitimate carbons being blocked due to erroneous forgery check

 - **Breaking changes**:
 - Rename `muc_disable_moderator_commands` to [muc_disable_slash_commands](https://conversejs.org/docs/html/configuration.html#muc-disable-slash-commands).

--- a/dist/converse.js
+++ b/dist/converse.js
@@ -63067,7 +63067,7 @@ _converse_core__WEBPACK_IMPORTED_MODULE_2__["default"].plugins.add('converse-cha
                xmlns = Strophe.NS.CARBONS;
          is_carbon = sizzle(`received[xmlns="${xmlns}"]`, stanza).length > 0;

-          if (is_carbon && Strophe.getBareJidFromJid(forwarded_from) !== from_jid) {
+          if (is_carbon && original_stanza.getAttribute('from') !== _converse.bare_jid) {
            // Prevent message forging via carbons
            // https://xmpp.org/extensions/xep-0280.html#security
            return true;
@@ -68593,8 +68593,7 @@ _converse_core__WEBPACK_IMPORTED_MODULE_3__["default"].plugins.add('converse-muc
         *           'roomdesc': 'Comfy room for hanging out',
         *           'whois': 'anyone'
         *       }
-         *     },
-         *     true
+         *     }
         * );
         */
        'open': async function open(jids, attrs) {
--- a/spec/messages.js
+++ b/spec/messages.js
@@ -508,7 +508,7 @@
            const msgtext = 'This is a carbon message';
            const sender_jid = mock.cur_names[1].replace(/ /g,'.').toLowerCase() + '@localhost';
            const msg = $msg({
-                    'from': sender_jid,
+                    'from': _converse.bare_jid,
                    'id': (new Date()).getTime(),
                    'to': _converse.connection.jid,
                    'type': 'chat',
@@ -526,7 +526,7 @@
            await test_utils.waitUntil(() => (_converse.api.chats.get().length > 1))
            const chatbox = _converse.chatboxes.get(sender_jid);
            const view = _converse.chatboxviews.get(sender_jid);
-                
+
            expect(chatbox).toBeDefined();
            expect(view).toBeDefined();
            // Check that the message was received and check the message parameters
@@ -1197,7 +1197,7 @@
                        'from': _converse.bare_jid+"/some-other-resource",
                        'type': 'chat'})
                    .c('body').t("A carbon message 4 minutes later")
-                    .tree()); 
+                    .tree());
            await new Promise((resolve, reject) => view.once('messageInserted', resolve));

            expect(chat_content.querySelectorAll('.message').length).toBe(8);

--- a/src/headless/converse-chatboxes.js
+++ b/src/headless/converse-chatboxes.js
@@ -943,7 +943,7 @@ converse.plugins.add('converse-chatboxes', {
                          forwarded_from = forwarded_message.getAttribute('from'),
                          xmlns = Strophe.NS.CARBONS;
                    is_carbon = sizzle(`received[xmlns="${xmlns}"]`, stanza).length > 0;
-                    if (is_carbon && Strophe.getBareJidFromJid(forwarded_from) !== from_jid) {
+                    if (is_carbon && original_stanza.getAttribute('from') !== _converse.bare_jid) {
                        // Prevent message forging via carbons
                        // https://xmpp.org/extensions/xep-0280.html#security
                        return true;

--- a/src/headless/dist/converse-headless.js
+++ b/src/headless/dist/converse-headless.js
@@ -41315,7 +41315,7 @@ _converse_core__WEBPACK_IMPORTED_MODULE_2__["default"].plugins.add('converse-cha
                xmlns = Strophe.NS.CARBONS;
          is_carbon = sizzle(`received[xmlns="${xmlns}"]`, stanza).length > 0;

-          if (is_carbon && Strophe.getBareJidFromJid(forwarded_from) !== from_jid) {
+          if (is_carbon && original_stanza.getAttribute('from') !== _converse.bare_jid) {
            // Prevent message forging via carbons
            // https://xmpp.org/extensions/xep-0280.html#security
            return true;
@@ -46841,8 +46841,7 @@ _converse_core__WEBPACK_IMPORTED_MODULE_3__["default"].plugins.add('converse-muc
         *           'roomdesc': 'Comfy room for hanging out',
         *           'whois': 'anyone'
         *       }
-         *     },
-         *     true
+         *     }
         * );
         */
        'open': async function open(jids, attrs) {