Allows providers to accept full JID's or bare usernames

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@8686 b35dd754-fafc-0310-a699-88a17e54d16e

src/java/org/jivesoftware/openfire/auth/AuthProvider.java

@@ -56,7 +56,7 @@ public interface AuthProvider {
      * If {@link #isPlainSupported()} returns false, this method should
      * throw an UnsupportedOperationException.
      *
-     * @param username the username.
+     * @param username the username or full JID.
      * @param password the passwordl
      * @throws UnauthorizedException if the username and password do
      *      not match any existing user.
@@ -70,7 +70,7 @@ public interface AuthProvider {
      * If {@link #isDigestSupported()} returns false, this method should
      * throw an UnsupportedOperationException.
      *
-     * @param username the username.
+     * @param username the username or full JID.
      * @param token the token that was used with plain-text password to
      *      generate the digest.
      * @param digest the digest generated from plain-text password and unique token.

src/java/org/jivesoftware/openfire/auth/AuthToken.java

@@ -11,6 +11,7 @@
 
 package org.jivesoftware.openfire.auth;
 
+import org.jivesoftware.util.JiveGlobals;
 import org.jivesoftware.openfire.user.UserManager;
 
 /**
@@ -23,19 +24,35 @@ public class AuthToken {
 
     private static final long serialVersionUID = 01L;
     private String username;
+    private String domain;
     private Boolean anonymous;
 
     /**
      * Constucts a new AuthToken with the specified username.
+     * The username can be either a simple username or a full JID.
      *
      * @param username the username to create an authToken token with.
      */
-    public AuthToken(String username) {
-        this.username = username;
+    public AuthToken(String jid) {
+        if (jid.contains("@") ) {
+            int index = jid.indexOf("@");
+            this.username = jid.substring(0,index);
+            this.domain = jid.substring(index+1);
+        } else {
+            this.username = jid;
+            this.domain = JiveGlobals.getProperty("xmpp.domain");
+        }
     }
 
-    public AuthToken(String username, Boolean anonymous) {
-        this.username = username;
+    public AuthToken(String jid, Boolean anonymous) {
+        if (jid.contains("@") ) {
+            int index = jid.indexOf("@");
+            this.username = jid.substring(0,index);
+            this.domain = jid.substring(index+1);
+        } else {
+            this.username = jid;
+            this.domain = JiveGlobals.getProperty("xmpp.domain");
+        }
         this.anonymous = anonymous;
     }
 
@@ -48,6 +65,24 @@ public class AuthToken {
         return username;
     }
 
+    /**
+     * Returns the domain associated with this AuthToken.
+     *
+     * @return the domain associated with this AuthToken.
+     */
+    public String getDomain() {
+        return domain;
+    }
+
+    /**
+     * Returns the jid associated with this AuthToken.
+     *
+     * @return the jid associated with this AuthToken.
+     */
+    public String getJID() {
+        return username+"@"+domain;
+    }
+
     /**
      * Returns true if this AuthToken is the Anonymous auth token.
      *

src/java/org/jivesoftware/openfire/auth/DefaultAuthProvider.java

@@ -15,6 +15,7 @@ import org.jivesoftware.openfire.user.UserNotFoundException;
 import org.jivesoftware.database.DbConnectionManager;
 import org.jivesoftware.util.Log;
 import org.jivesoftware.util.JiveGlobals;
+import org.jivesoftware.openfire.XMPPServer;
 
 import java.sql.*;
 
@@ -46,6 +47,17 @@ public class DefaultAuthProvider implements AuthProvider {
             throw new UnauthorizedException();
         }
         username = username.trim().toLowerCase();
+        if (username.contains("@")) {
+            // Check that the specified domain matches the server's domain
+            int index = username.indexOf("@");
+            String domain = username.substring(index + 1);
+            if (domain.equals(XMPPServer.getInstance().getServerInfo().getName())) {
+                username = username.substring(0, index);
+            } else {
+                // Unknown domain. Return authentication failed.
+                throw new UnauthorizedException();
+            }
+        }
         try {
             if (!password.equals(getPassword(username))) {
                 throw new UnauthorizedException();
@@ -62,6 +74,17 @@ public class DefaultAuthProvider implements AuthProvider {
             throw new UnauthorizedException();
         }
         username = username.trim().toLowerCase();
+        if (username.contains("@")) {
+            // Check that the specified domain matches the server's domain
+            int index = username.indexOf("@");
+            String domain = username.substring(index + 1);
+            if (domain.equals(XMPPServer.getInstance().getServerInfo().getName())) {
+                username = username.substring(0, index);
+            } else {
+                // Unknown domain. Return authentication failed.
+                throw new UnauthorizedException();
+            }
+        }
         try {
             String password = getPassword(username);
             String anticipatedDigest = AuthFactory.createDigest(token, password);
@@ -90,6 +113,17 @@ public class DefaultAuthProvider implements AuthProvider {
         }
         Connection con = null;
         PreparedStatement pstmt = null;
+        if (username.contains("@")) {
+            // Check that the specified domain matches the server's domain
+            int index = username.indexOf("@");
+            String domain = username.substring(index + 1);
+            if (domain.equals(XMPPServer.getInstance().getServerInfo().getName())) {
+                username = username.substring(0, index);
+            } else {
+                // Unknown domain.
+                throw new UserNotFoundException();
+            }
+        }
         try {
             con = DbConnectionManager.getConnection();
             pstmt = con.prepareStatement(LOAD_PASSWORD);
@@ -125,6 +159,17 @@ public class DefaultAuthProvider implements AuthProvider {
         // Determine if the password should be stored as plain text or encrypted.
         boolean usePlainPassword = JiveGlobals.getBooleanProperty("user.usePlainPassword");
         String encryptedPassword = null;
+        if (username.contains("@")) {
+            // Check that the specified domain matches the server's domain
+            int index = username.indexOf("@");
+            String domain = username.substring(index + 1);
+            if (domain.equals(XMPPServer.getInstance().getServerInfo().getName())) {
+                username = username.substring(0, index);
+            } else {
+                // Unknown domain.
+                throw new UserNotFoundException();
+            }
+        }
         if (!usePlainPassword) {
             try {
                 encryptedPassword = AuthFactory.encryptPassword(password);

src/java/org/jivesoftware/openfire/auth/JDBCAuthProvider.java

@@ -14,6 +14,7 @@ import org.jivesoftware.util.Log;
 import org.jivesoftware.util.StringUtils;
 import org.jivesoftware.util.JiveGlobals;
 import org.jivesoftware.openfire.user.*;
+import org.jivesoftware.openfire.XMPPServer;
 import org.jivesoftware.database.DbConnectionManager;
 
 import java.sql.DriverManager;
@@ -99,6 +100,17 @@ public class JDBCAuthProvider implements AuthProvider {
             throw new UnauthorizedException();
         }
         username = username.trim().toLowerCase();
+        if (username.contains("@")) {
+            // Check that the specified domain matches the server's domain
+            int index = username.indexOf("@");
+            String domain = username.substring(index + 1);
+            if (domain.equals(XMPPServer.getInstance().getServerInfo().getName())) {
+                username = username.substring(0, index);
+            } else {
+                // Unknown domain. Return authentication failed.
+                throw new UnauthorizedException();
+            }
+        }
         String userPassword;
         try {
             userPassword = getPasswordValue(username);
@@ -133,6 +145,17 @@ public class JDBCAuthProvider implements AuthProvider {
             throw new UnauthorizedException();
         }
         username = username.trim().toLowerCase();
+        if (username.contains("@")) {
+            // Check that the specified domain matches the server's domain
+            int index = username.indexOf("@");
+            String domain = username.substring(index + 1);
+            if (domain.equals(XMPPServer.getInstance().getServerInfo().getName())) {
+                username = username.substring(0, index);
+            } else {
+                // Unknown domain. Return authentication failed.
+                throw new UnauthorizedException();
+            }
+        }
         String password;
         try {
             password = getPasswordValue(username);
@@ -162,9 +185,21 @@ public class JDBCAuthProvider implements AuthProvider {
     public String getPassword(String username) throws UserNotFoundException,
             UnsupportedOperationException
     {
+
         if (!supportsPasswordRetrieval()) {
             throw new UnsupportedOperationException();
         }
+        if (username.contains("@")) {
+            // Check that the specified domain matches the server's domain
+            int index = username.indexOf("@");
+            String domain = username.substring(index + 1);
+            if (domain.equals(XMPPServer.getInstance().getServerInfo().getName())) {
+                username = username.substring(0, index);
+            }
+        } else {
+            // Unknown domain. Return authentication failed.
+            throw new UserNotFoundException();
+        }
         return getPasswordValue(username);
     }
 
@@ -190,6 +225,17 @@ public class JDBCAuthProvider implements AuthProvider {
         Connection con = null;
         PreparedStatement pstmt = null;
         ResultSet rs = null;
+        if (username.contains("@")) {
+            // Check that the specified domain matches the server's domain
+            int index = username.indexOf("@");
+            String domain = username.substring(index + 1);
+            if (domain.equals(XMPPServer.getInstance().getServerInfo().getName())) {
+                username = username.substring(0, index);
+            } else {
+                // Unknown domain.
+                throw new UserNotFoundException();
+            }
+        }
         try {
             con = DriverManager.getConnection(connectionString);
             pstmt = con.prepareStatement(passwordSQL);

src/java/org/jivesoftware/openfire/auth/NativeAuthProvider.java

@@ -14,6 +14,7 @@ package org.jivesoftware.openfire.auth;
 import org.jivesoftware.util.Log;
 import org.jivesoftware.util.JiveGlobals;
 import org.jivesoftware.util.StringUtils;
+import org.jivesoftware.openfire.XMPPServer;
 import org.jivesoftware.openfire.user.*;
 import com.cenqua.shaj.Shaj;
 
@@ -109,6 +110,17 @@ public class NativeAuthProvider implements AuthProvider {
     }
 
     public void authenticate(String username, String password) throws UnauthorizedException {
+        if (username.contains("@")) {
+            // Check that the specified domain matches the server's domain
+            int index = username.indexOf("@");
+            String domain = username.substring(index + 1);
+            if (domain.equals(XMPPServer.getInstance().getServerInfo().getName())) {
+                username = username.substring(0, index);
+            } else {
+                // Unknown domain. Return authentication failed.
+                throw new UnauthorizedException();
+            }
+        }
         try {
             // Some native authentication mechanisms appear to not handle high load
             // very well. Therefore, synchronize access to Shaj to throttle auth checks.

src/java/org/jivesoftware/openfire/auth/POP3AuthProvider.java

@@ -14,6 +14,7 @@ package org.jivesoftware.openfire.auth;
 import org.jivesoftware.util.*;
 import org.jivesoftware.util.cache.Cache;
 import org.jivesoftware.util.cache.CacheFactory;
+import org.jivesoftware.openfire.XMPPServer;
 import org.jivesoftware.openfire.user.UserAlreadyExistsException;
 import org.jivesoftware.openfire.user.UserManager;
 import org.jivesoftware.openfire.user.UserNotFoundException;
@@ -116,6 +117,17 @@ public class POP3AuthProvider implements AuthProvider {
         if (username == null || password == null) {
             throw new UnauthorizedException();
         }
+        if (username.contains("@")) {
+            // Check that the specified domain matches the server's domain
+            int index = username.indexOf("@");
+            String domain = username.substring(index + 1);
+            if (domain.equals(XMPPServer.getInstance().getServerInfo().getName())) {
+                username = username.substring(0, index);
+            }
+        } else {
+            // Unknown domain. Return authentication failed.
+            throw new UnauthorizedException();
+        }
 
         Log.debug("POP3AuthProvider.authenticate("+username+", ******)");
 

src/java/org/jivesoftware/openfire/ldap/LdapAuthProvider.java

@@ -66,6 +66,18 @@ public class LdapAuthProvider implements AuthProvider {
             throw new UnauthorizedException();
         }
 
+        if (username.contains("@")) {
+            // Check that the specified domain matches the server's domain
+            int index = username.indexOf("@");
+            String domain = username.substring(index + 1);
+            if (domain.equals(XMPPServer.getInstance().getServerInfo().getName())) {
+                username = username.substring(0, index);
+            } else {
+                // Unknown domain. Return authentication failed.
+                throw new UnauthorizedException();
+            }
+        }
+
         // Un-escape username.
         username = JID.unescapeNode(username);
 

src/java/org/jivesoftware/openfire/net/XMPPCallbackHandler.java

@@ -80,6 +80,7 @@ public class XMPPCallbackHandler implements CallbackHandler {
 
             }
             else if (callbacks[i] instanceof VerifyPasswordCallback) {
+                Log.debug("XMPPCallbackHandler: VerifyPasswordCallback");
                 VerifyPasswordCallback vpcb = (VerifyPasswordCallback) callbacks[i];
                 try {
                     AuthToken at = AuthFactory.authenticate(name,new String(vpcb.getPassword()));

src/java/org/jivesoftware/openfire/sasl/SaslServerPlainImpl.java

@@ -46,11 +46,13 @@ public class SaslServerPlainImpl implements SaslServer {
     private CallbackHandler cbh;
     private boolean completed;
     private boolean aborted;
+    private int counter;
 
 
     public SaslServerPlainImpl(String protocol, String serverFqdn, Map props, CallbackHandler cbh) throws SaslException {
         this.cbh = cbh;
         this.completed = false;
+        this.counter = 0;
     }
 
     /**
@@ -119,8 +121,10 @@ public class SaslServerPlainImpl implements SaslServer {
                     throw new SaslException("PLAIN: user not authorized: "+principal);
                 }
             } else {
-                //throw new SaslException("PLAIN expects an initial response");
-		//Client gave no initial response, give a null (possible infinate loop?)
+                //Client gave no initial response
+                if( counter++ > 1 ) {
+                    throw new SaslException("PLAIN expects a response");
+                }
                 return null;
             }
         } catch (UnsupportedEncodingException e) {