fall back to regular authentication if fast fails

(cherry picked from commit 44bfff7e490496d02c3c22a7400848b6679f614e)
2022-11-16 11:00:43 +01:00 · 2022-11-16 11:00:43 +01:00 · 778ec8245f
commit 778ec8245f
parent cf7945aae6
1 changed files with 23 additions and 4 deletions
--- a/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java
+++ b/src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java
@ -884,17 +884,17 @@ public class XmppConnection implements Runnable {
        }
    }

-    private void processFailure(final Element failure) throws StateChangingException {
+    private void processFailure(final Element failure) throws IOException {
        final SaslMechanism.Version version;
        try {
            version = SaslMechanism.Version.of(failure);
        } catch (final IllegalArgumentException e) {
            throw new StateChangingException(Account.State.INCOMPATIBLE_SERVER);
        }
-        Log.d(Config.LOGTAG,failure.toString());
+        Log.d(Config.LOGTAG, failure.toString());
        Log.d(Config.LOGTAG, account.getJid().asBareJid() + ": login failure " + version);
        if (SaslMechanism.hashedToken(this.saslMechanism)) {
-            Log.d(Config.LOGTAG,account.getJid().asBareJid() + ": resetting token");
+            Log.d(Config.LOGTAG, account.getJid().asBareJid() + ": resetting token");
            account.resetFastToken();
            mXmppConnectionService.databaseBackend.updateAccount(account);
        }
@ -919,7 +919,15 @@ public class XmppConnection implements Runnable {
                }
            }
        }
-        throw new StateChangingException(Account.State.UNAUTHORIZED);
+        if (SaslMechanism.hashedToken(this.saslMechanism)) {
+            Log.d(
+                    Config.LOGTAG,
+                    account.getJid().asBareJid()
+                            + ": fast authentication failed. falling back to regular authentication");
+            authenticate();
+        } else {
+            throw new StateChangingException(Account.State.UNAUTHORIZED);
+        }
    }

    private static SSLSocket sslSocketOrNull(final Socket socket) {
@ -1392,6 +1400,17 @@ public class XmppConnection implements Runnable {
        }
    }

+    private void authenticate() throws IOException {
+        final boolean isSecure =
+                features.encryptionEnabled || Config.ALLOW_NON_TLS_CONNECTIONS || account.isOnion();
+        if (isSecure && this.streamFeatures.hasChild("authentication", Namespace.SASL_2)) {authenticate(SaslMechanism.Version.SASL_2);
+        } else if (isSecure && this.streamFeatures.hasChild("mechanisms", Namespace.SASL)) {
+            authenticate(SaslMechanism.Version.SASL);
+        } else {
+            throw new StateChangingException(Account.State.INCOMPATIBLE_SERVER);
+        }
+    }
+
    private void authenticate(final SaslMechanism.Version version) throws IOException {
        final Element authElement;
        if (version == SaslMechanism.Version.SASL) {