1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-12-21 23:28:51 -05:00

Revert "XEP-0401: update pre-authenticated IBR"

This reverts commit 5f43884d3a.
It was incorrectly merged.
This commit is contained in:
Jonas Schäfer 2020-01-08 16:36:56 +01:00
parent 99587d7801
commit 9607144784

View File

@ -30,6 +30,12 @@
<firstname>Marc</firstname> <firstname>Marc</firstname>
<surname>Schink</surname> <surname>Schink</surname>
</author> </author>
<revision>
<version>0.4.0</version>
<date>2020-01-08</date>
<initials>jsc</initials>
<remark>Revert version 0.3.0, which was merged prematurely and incorrectly.</remark>
</revision>
<revision> <revision>
<version>0.3.0</version> <version>0.3.0</version>
<date>2020-01-02</date> <date>2020-01-02</date>
@ -84,8 +90,8 @@
out-of-band link (URI) which allows Juliet to:</p> out-of-band link (URI) which allows Juliet to:</p>
<ol> <ol>
<li>Download an XMPP client (if needed).</li> <li>Download an XMPP client (if needed).</li>
<li>Register an account on Romeo's server (with a user name pre-defined <li>Register an account on Romeo's server with a user name defined by
by Romeo or chosen by Juliet, and a password not known to Romeo).</li> Romeo and a password not known to Romeo.</li>
<li>Establish a mutual presence subscription between Romeo and Juliet.</li> <li>Establish a mutual presence subscription between Romeo and Juliet.</li>
</ol> </ol>
</section2> </section2>
@ -130,21 +136,8 @@
</iq> </iq>
]]></example> ]]></example>
<p>When performing the account creation, Juliet's client needs to ensure <p>When performing the account creation, Juliet's client needs to ensure
that the server supports the extended IBR protocol, as denoted by the that the server supports the extended IBR protocol with a &lt;preauth&gt;
<strong>&lt;register xmlns='urn:xmpp:invite'></strong> token: TODO</p>
stream feature:</p>
<example caption="Stream features of a server that accepts invitations"><![CDATA[
<stream:features>
<mechanisms xmlns='urn:xmpp:sasl:0'>
<mechanism>EXTERNAL</mechanism>
<mechanism>SCRAM-SHA-1-PLUS</mechanism>
<mechanism>SCRAM-SHA-1</mechanism>
<mechanism>PLAIN</mechanism>
</mechanisms>
<register xmlns='urn:xmpp:invite'/>
<register xmlns='http://jabber.org/features/iq-register'/>
</stream:features>
]]></example>
</section1> </section1>
<section1 topic='Glossary' anchor='glossary'> <section1 topic='Glossary' anchor='glossary'>
<p>OPTIONAL.</p> <p>OPTIONAL.</p>
@ -343,45 +336,87 @@
<section2 topic='Pre-Authenticated In-Band Registration' anchor='preauth-ibr'> <section2 topic='Pre-Authenticated In-Band Registration' anchor='preauth-ibr'>
<p>In order to allow invited users to register on a server, the <p>In order to allow invited users to register on a server, the
registration processs as defined in &xep0077; needs to be extended. The registration processs as defined in &xep0077; needs to be extended. The
invited user's client needs to connect to the server and check that the invited user's client MUST add a &lt;preauth&gt; element in the 'TODO'
invitation stream feature namespace to the 'jabber:iq:register' query in order to inform the
(<strong>&lt;register xmlns='urn:xmpp:invite'></strong>) is present. server that it wants to perform Pre-Authenticated IBR:</p>
After that, the client initiates the registration flow by sending the <example caption="Retrieving registration fields"><![CDATA[
preauth token to the server:</p> <iq type='get' id='reg1' to='example.com'>
<example caption="Client initiates pre-authenticated IBR"><![CDATA[ <query xmlns='jabber:iq:register'>
<iq type='set' to='example.com' id='pa1'> <preauth xmlns='urn:xmpp:invite:1'/>
<preauth xmlns='urn:xmpp:pars:0' token='TOKEN' /> </query>
</iq> </iq>
]]></example> ]]></example>
<p>Upon receiving the preauth request, the server must validate that the <p>If the server supports and is ready to perform Pre-Authenticated IBR,
token is acceptable for account registration. However, single-use tokens it MUST add a &lt;token&gt; element to the response (TODO: 'token' or
MUST NOT be considered used until the actual registration has succeeded. 'preauth'?):</p>
</p> <example caption="Receiving registration form"><![CDATA[
<p>In addition, if the token has an expiration time, it MUST only be <iq type='result' to='romeo@example.com' from='example.com' id='reg1'>
checked at this point. Subsequent actions performed by the client during <query xmlns='jabber:iq:register'>
the current session that require a valid token MUST NOT be rejected due <x xmlns='jabber:x:data' type='form'>
to token expiry. <field type='hidden' var='FORM_TYPE'>
</p> <value>urn:xmpp:invite:1</value>
<p>If the token is acceptable, the server responds with success, and </field>
indicates the client may now proceed with account registration: <field type='text-single' label='Username' var='username'>
</p> <required/>
<example caption="Server accepts invitation token"><![CDATA[ </field>
<iq type='result' from='example.com' id='pa1' /> <field type='text-private' label='Password' var='password'>
<required/>
</field>
<field type='text-single' label='Invite token' var='token'>
<required/>
</field>
</x>
</query>
</iq>
]]></example> ]]></example>
<p>If the token provided by the client was unknown, invalid or expired, the <example caption='Receiving registration form with error (invalid token)'><![CDATA[
server should return an appropriate error to the client:</p> <iq type='error' from='example.com' id='reg1'>
<example caption="Server rejects invitation token"><![CDATA[ <query xmlns='jabber:iq:register'>
<iq type="error" from="example.com" id="pa1"> <x xmlns='jabber:x:data' type='form'>
<error type='cancel'> <field type='hidden' var='FORM_TYPE'>
<item-not-found xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/> <value>urn:xmpp:invite:1</value>
<text>The provided token is invalid or expired</text> </field>
<field type='text-single' var='username'>
<value>juliet<value/>
</field>
<field type='text-private' var='password'>
<value>m1cro$oft<value/>
</field>
<field type='text-single' var='token'>
<value>BADTOKEN<value/>
</field>
</x>
</query>
<error type='modify'>
<bad-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
<invalid-token xmlns='urn:xmpp:invite:1'/>
</error>
</iq>
]]></example>
<example caption='Receiving registration form with error (token expired)'><![CDATA[
<iq type='error' from='example.com' id='reg1'>
<query xmlns='jabber:iq:register'>
<x xmlns='jabber:x:data' type='form'>
<field type='hidden' var='FORM_TYPE'>
<value>urn:xmpp:invite:1</value>
</field>
<field type='text-single' var='username'>
<value>juliet<value/>
</field>
<field type='text-private' var='password'>
<value>m1cro$oft<value/>
</field>
<field type='text-single' var='token'>
<value>OLDTOKEN<value/>
</field>
</x>
</query>
<error type='cancel'>
<not-allowed xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
<token-expired xmlns='urn:xmpp:invite:1'/>
</error> </error>
</iq> </iq>
]]></example> ]]></example>
<p>In the success case, the client proceeds with registration as defined in
&xep0077;. If the token is rejected by the server, the client still MAY
attempt to perform IBR if the server allows that.</p>
<p>After the invitee has successfully registered on the inviter's server <p>After the invitee has successfully registered on the inviter's server
and roster subscription is enabled for account creation, the server MUST and roster subscription is enabled for account creation, the server MUST
use roster pushes as defined in &rfc6121; §2.1.6 in order to inform the use roster pushes as defined in &rfc6121; §2.1.6 in order to inform the