Gajim - 2016-09-17


  1. lovetox i think we have this problem with every invalid jid
  2. lovetox there is no test for valid jid format
  3. linus Yeah
  4. linus I'll have a look at fixing it tomorrow, if I can get my issues with firejail sorted out
  5. lovetox you could do all sorts of things like xmpp:asd@asd@asda@.at
  6. lovetox this is passed then to all the functions involved with opening chat window
  7. lovetox no way to tell what goes wrong there
  8. lovetox problem lies in chat_control.py
  9. lovetox def _nec_vcard_received
  10. lovetox calls show_avatar()
  11. lovetox which requests a vcard
  12. lovetox which tritters vcard received
  13. lovetox and show_avatar() is called again
  14. lovetox and so on
  15. lovetox endless loop
  16. lovetox ok found the problem
  17. lovetox but we should solve it in a general way
  18. lovetox just dont start new chats with invalid jids
  19. linus That makes sense
  20. lovetox so we need a good function that can test if a jid is vald :)
  21. linus That shouldn't be too hard.
  22. linus ", he said...
  23. lovetox it should test for xxx@xxx.xxx
  24. lovetox but also this has to be valid something like a room jid with a nick has to be valid
  25. lovetox gajim@conference.gajim.org/xxxx
  26. linus I think RFC5122 is the thing to refer to here
  27. lovetox or maybe https://tools.ietf.org/html/rfc6122
  28. lovetox forund this on stackoverflow
  29. lovetox http://stackoverflow.com/questions/3514342/validating-an-xmpp-jid-with-python
  30. linus lovetox, do you know if the URL parsing code conforms to the RFC?
  31. linus URI*
  32. lovetox it says so in the post
  33. linus because it is basically two separate tasks: parsing the URI, and then checking the JID
  34. linus URL parsing code
  35. linus URI*
  36. linus not JID checking
  37. lovetox ah
  38. lovetox no
  39. lovetox i dont know
  40. linus because that's just as important for this stuff not to break :p
  41. lovetox i would just use it, test it against some cases
  42. lovetox there is probably not a 100% perfect solution out there
  43. lovetox if i write it myself it will probably not even be 5% perfect :D
  44. lovetox so i guess we start with some checking function
  45. lovetox and extend it if bugs are reported
  46. lovetox i mean right now there is no check whatsoever
  47. lovetox so its definitly a step forward
  48. lovetox even if it catches not every case
  49. linus True :D
  50. Link Mauve linus, xmpp://user@server would mean “connect as user@server”, which makes no sense on XMPP.
  51. Link Mauve Also, of course Gajim already does validate JIDs, just use that existing code.
  52. praveen stef.an: on poddery.com we accept connections over port 443. You can ask your admin to enable it.
  53. praveen stef.an: https://wiki.debian.org/InstallingProsody#XMPP_over_HTTPS this how we did it using prosody, you can share it with your admin.
  54. lovetox Link Mauve
  55. lovetox gajim does not validate the jid when you click that link
  56. lovetox as you can see in your xml console
  57. lovetox where a endless loop starts requesting vcards
  58. lovetox to an invalid jid
  59. lovetox also you cant produce a link where gajim would tell you "invalid jid"
  60. lovetox it always opens a chat window, like you could start writing to that adress
  61. lovetox and i found no methode in gajim that validates a JID
  62. lovetox some methodes implement their own checks, but i found no dedicated methode that does only check a jid for validity
  63. Link Mauve lovetox, err, just do it the Python way, create a JID from the string and if you catch the InvalidJID or whatever exception you know it was invalid and react accordingly.
  64. Link Mauve Do that at the dbus entrypoint.
  65. lovetox yeah so you need a methode that parses the string and throws exception
  66. lovetox all i can see right now is a methode that does split @ , split /
  67. lovetox and thats user, domain, resource
  68. lovetox thats just not good enough :)
  69. linus then we fix that :p
  70. lovetox there is a parsejid function in helpers.py
  71. linus yeah
  72. lovetox it uses some method from the nbxmpp api
  73. lovetox i think this could be good enough
  74. linus doesn't look like it to me
  75. linus all the actual parsing is in helpers.py, decompose_jid
  76. lovetox no
  77. lovetox return prep(*decompose_jid(jidstring))
  78. lovetox look at prep
  79. lovetox so there is "def hyperlink_handler"
  80. lovetox in htmltextview.py and conversationtextview.py
  81. lovetox that defines what happens if we click a link
  82. lovetox that has xmpp in it
  83. lovetox so before executing the action we should parse the jid, and catch exception
  84. lovetox seems easy enough
  85. Link Mauve lovetox, common.helpers.parse_jid.
  86. linus Link Mauve: yes, he pasted the code for that above
  87. Link Mauve Ah.
  88. Link Mauve Sorry, I wasn’t there yet, I went to a restaurant in the meantime and am only catching up with logs. ^^
  89. Link Mauve Time to sleep soon too.