summaryrefslogtreecommitdiff
path: root/sleekxmpp/plugins/xep_0078/legacyauth.py
blob: edb8f314dfbbcfe56515da8140fc80c4a070614a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
"""
    SleekXMPP: The Sleek XMPP Library
    Copyright (C) 2011 Nathanael C. Fritz
    This file is part of SleekXMPP.

    See the file LICENSE for copying permission.
"""

import logging
import hashlib
import random

from sleekxmpp.stanza import Iq, StreamFeatures
from sleekxmpp.xmlstream import ElementBase, ET, register_stanza_plugin
from sleekxmpp.plugins.base import base_plugin
from sleekxmpp.plugins.xep_0078 import stanza


log = logging.getLogger(__name__)


class xep_0078(base_plugin):

    """
    XEP-0078 NON-SASL Authentication

    This XEP is OBSOLETE in favor of using SASL, so DO NOT use this plugin
    unless you are forced to use an old XMPP server implementation.
    """

    def plugin_init(self):
        self.xep = "0078"
        self.description = "Non-SASL Authentication"
        self.stanza = stanza

        self.xmpp.register_feature('auth',
                self._handle_auth,
                restart=False,
                order=self.config.get('order', 15))

        register_stanza_plugin(Iq, stanza.IqAuth)
        register_stanza_plugin(StreamFeatures, stanza.AuthFeature)


    def _handle_auth(self, features):
        # If we can or have already authenticated with SASL, do nothing.
        if 'mechanisms' in features['features']:
            return False
        if self.xmpp.authenticated:
            return False

        log.debug("Starting jabber:iq:auth Authentication")

        # Step 1: Request the auth form
        iq = self.xmpp.Iq()
        iq['type'] = 'get'
        iq['to'] = self.xmpp.boundjid.host
        iq['auth']['username'] = self.xmpp.boundjid.user

        try:
            resp = iq.send(now=True)
        except IqError:
            log.info("Authentication failed: %s" % resp['error']['condition'])
            self.xmpp.event('failed_auth', direct=True)
            self.xmpp.disconnect()
            return True
        except IqTimeout:
            log.info("Authentication failed: %s" % 'timeout')
            self.xmpp.event('failed_auth', direct=True)
            self.xmpp.disconnect()
            return True

        # Step 2: Fill out auth form for either password or digest auth
        iq = self.xmpp.Iq()
        iq['type'] = 'set'
        iq['auth']['username'] = self.xmpp.boundjid.user

        # A resource is required, so create a random one if necessary
        if self.xmpp.boundjid.resource:
            iq['auth']['resource'] = self.xmpp.boundjid.resource
        else:
            iq['auth']['resource'] = '%s' % random.random()

        if 'digest' in resp['auth']['fields']:
            log.debug('Authenticating via jabber:iq:auth Digest')
            if sys.version_info < (3, 0):
                stream_id = bytes(self.xmpp.stream_id)
                password = bytes(self.xmpp.password)
            else:
                stream_id = bytes(self.xmpp.stream_id, encoding='utf-8')
                password = bytes(self.xmpp.password, encoding='utf-8')

            digest = hashlib.sha1(b'%s%s' % (stream_id, password)).hexdigest()
            iq['auth']['digest'] = digest
        else:
            log.warning('Authenticating via jabber:iq:auth Plain.')
            iq['auth']['password'] = self.xmpp.password

        # Step 3: Send credentials
        try:
            result = iq.send(now=True)
        except IqError as err:
            log.info("Authentication failed")
            self.xmpp.disconnect()
            self.xmpp.event("failed_auth", direct=True)
        except IqTimeout:
            log.info("Authentication failed")
            self.xmpp.disconnect()
            self.xmpp.event("failed_auth", direct=True)

        self.xmpp.features.add('auth')

        self.xmpp.authenticated = True
        log.debug("Established Session")
        self.xmpp.sessionstarted = True
        self.xmpp.session_started_event.set()
        self.xmpp.event('session_start')

        return True