# HG changeset patch # User Sonny Piers # Date 1328122069 -3600 # Node ID d9f5ae0b6d98401dfabdd0aa782d79d4d8524f9c # Parent 20da4fb6797735a5f868cfdbeb5ef5f429ddb5bb Support for DIGEST-MD5 authentication. (plugin) diff --git a/lightstring.js b/lightstring.js --- a/lightstring.js +++ b/lightstring.js @@ -202,13 +202,15 @@ Lightstring.Connection.prototype = { } } else if (name === 'challenge') { - - + that.emit('challenge', stanza); } else if (name === 'response') { } + else if (name === 'failure') { + that.emit('failure', stanza); + } else if (name === 'success') { that.emit('success', stanza); } diff --git a/plugins/DIGEST-MD5.js b/plugins/DIGEST-MD5.js new file mode 100644 --- /dev/null +++ b/plugins/DIGEST-MD5.js @@ -0,0 +1,137 @@ +'use strict'; + +/** + Copyright (c) 2012, Sonny Piers + + Permission to use, copy, modify, and/or distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +*/ + +Lightstring.plugins['DIGEST-MD5'] = { + handlers: { + 'mechanisms': function (stanza) { + if(stanza.mechanisms.indexOf('DIGEST-MD5') === -1) + return; + + this.send( + "" + ); + }, + 'success': function (stanza) { + this.send( + "" + ); + }, + 'features': function (stanza) { + var that = this; + //TODO check if bind supported + var bind = + "" + + "" + + (this.jid.resource? "" + this.jid.resource + "": "") + + "" + + ""; + this.send( + bind, + //Success + function(stanza) { + //Session http://xmpp.org/rfcs/rfc3921.html#session + that.jid = new Lightstring.JID(stanza.DOM.textContent); + that.send( + "" + + "" + + "", + function() { + that.emit('connected'); + } + ); + }, + //Error + function(stanza) { + //TODO: Error? + } + ); + }, + 'challenge': function (stanza) { + //FIXME this is mostly Strophe code + + function _quote(str) { + return '"' + str.replace(/\\/g, '\\\\').replace(/"/g, '\\"') + '"'; + }; + + var challenge = atob(stanza.DOM.textContent); + + var attribMatch = /([a-z]+)=("[^"]+"|[^,"]+)(?:,|$)/; + + var cnonce = MD5.hexdigest(Math.random() * 1234567890); + var realm = ''; + var host = null; + var nonce = ''; + var qop = ''; + var matches; + + while (challenge.match(attribMatch)) { + matches = challenge.match(attribMatch); + challenge = challenge.replace(matches[0], ''); + matches[2] = matches[2].replace(/^"(.+)"$/, '$1'); + switch (matches[1]) { + case 'realm': + realm = matches[2]; + break; + case 'nonce': + nonce = matches[2]; + break; + case 'qop': + qop = matches[2]; + break; + case 'host': + host = matches[2]; + break; + } + } + + var digest_uri = 'xmpp/' + this.jid.domain; + if (host !== null) + digest_uri = digest_uri + '/' + host; + var A1 = MD5.hash(this.jid.node + + ':' + realm + ':' + this.password) + + ':' + nonce + ':' + cnonce; + var A2 = 'AUTHENTICATE:' + digest_uri; + + var responseText = ''; + responseText += 'username=' + _quote(this.jid.node) + ','; + responseText += 'realm=' + _quote(realm) + ','; + responseText += 'nonce=' + _quote(nonce) + ','; + responseText += 'cnonce=' + _quote(cnonce) + ','; + responseText += 'nc="00000001",'; + responseText += 'qop="auth",'; + responseText += 'digest-uri=' + _quote(digest_uri) + ','; + responseText += 'response=' + _quote( + MD5.hexdigest(MD5.hexdigest(A1) + ':' + + nonce + ':00000001:' + + cnonce + ':auth:' + + MD5.hexdigest(A2))) + ','; + responseText += 'charset="utf-8"'; + this.send( + "" + + btoa(responseText) + + ""); + }, + 'failure': function (stanza) { + //TODO: throw an error? + } + } +}; diff --git a/plugins/PLAIN.js b/plugins/PLAIN.js --- a/plugins/PLAIN.js +++ b/plugins/PLAIN.js @@ -34,7 +34,6 @@ Lightstring.plugins['PLAIN'] = { " mechanism='PLAIN'>" + token + "" ); }, - //TODO twice success event 'success': function (stanza) { this.send( "