slixmpp/plugins/xep_0078/legacyauth.py

   1 """
   2     Slixmpp: The Slick XMPP Library
   3     Copyright (C) 2011 Nathanael C. Fritz
   4     This file is part of Slixmpp.
   5
   6     See the file LICENSE for copying permission.
   7 """
   8
   9 import uuid
  10 import logging
  11 import hashlib
  12 import random
  13 import sys
  14
  15 from slixmpp.jid import JID
  16 from slixmpp.exceptions import IqError, IqTimeout
  17 from slixmpp.stanza import Iq, StreamFeatures
  18 from slixmpp.xmlstream import ElementBase, ET, register_stanza_plugin
  19 from slixmpp.plugins import BasePlugin
  20 from slixmpp.plugins.xep_0078 import stanza
  21
  22
  23 log = logging.getLogger(__name__)
  24
  25
  26 class XEP_0078(BasePlugin):
  27
  28     """
  29     XEP-0078 NON-SASL Authentication
  30
  31     This XEP is OBSOLETE in favor of using SASL, so DO NOT use this plugin
  32     unless you are forced to use an old XMPP server implementation.
  33     """
  34
  35     name = 'xep_0078'
  36     description = 'XEP-0078: Non-SASL Authentication'
  37     dependencies = set()
  38     stanza = stanza
  39     default_config = {
  40         'order': 15
  41     }
  42
  43     def plugin_init(self):
  44         self.xmpp.register_feature('auth',
  45                 self._handle_auth,
  46                 restart=False,
  47                 order=self.order)
  48
  49         self.xmpp.add_event_handler('legacy_protocol',
  50                 self._handle_legacy_protocol)
  51
  52         register_stanza_plugin(Iq, stanza.IqAuth)
  53         register_stanza_plugin(StreamFeatures, stanza.AuthFeature)
  54
  55     def plugin_end(self):
  56         self.xmpp.del_event_handler('legacy_protocol',
  57                 self._handle_legacy_protocol)
  58         self.xmpp.unregister_feature('auth', self.order)
  59
  60     def _handle_auth(self, features):
  61         # If we can or have already authenticated with SASL, do nothing.
  62         if 'mechanisms' in features['features']:
  63             return False
  64         return self.authenticate()
  65
  66     def _handle_legacy_protocol(self, event):
  67         self.authenticate()
  68
  69     def authenticate(self):
  70         if self.xmpp.authenticated:
  71             return False
  72
  73         log.debug("Starting jabber:iq:auth Authentication")
  74
  75         # Step 1: Request the auth form
  76         iq = self.xmpp.Iq()
  77         iq['type'] = 'get'
  78         iq['to'] = self.xmpp.requested_jid.host
  79         iq['auth']['username'] = self.xmpp.requested_jid.user
  80
  81         try:
  82             resp = iq.send()
  83         except IqError as err:
  84             log.info("Authentication failed: %s", err.iq['error']['condition'])
  85             self.xmpp.event('failed_auth')
  86             self.xmpp.disconnect()
  87             return True
  88         except IqTimeout:
  89             log.info("Authentication failed: %s", 'timeout')
  90             self.xmpp.event('failed_auth')
  91             self.xmpp.disconnect()
  92             return True
  93
  94         # Step 2: Fill out auth form for either password or digest auth
  95         iq = self.xmpp.Iq()
  96         iq['type'] = 'set'
  97         iq['auth']['username'] = self.xmpp.requested_jid.user
  98
  99         # A resource is required, so create a random one if necessary
 100         resource = self.xmpp.requested_jid.resource
 101         if not resource:
 102             resource = str(uuid.uuid4())
 103
 104         iq['auth']['resource'] = resource
 105
 106         if 'digest' in resp['auth']['fields']:
 107             log.debug('Authenticating via jabber:iq:auth Digest')
 108             if sys.version_info < (3, 0):
 109                 stream_id = bytes(self.xmpp.stream_id)
 110                 password = bytes(self.xmpp.password)
 111             else:
 112                 stream_id = bytes(self.xmpp.stream_id, encoding='utf-8')
 113                 password = bytes(self.xmpp.password, encoding='utf-8')
 114
 115             digest = hashlib.sha1(b'%s%s' % (stream_id, password)).hexdigest()
 116             iq['auth']['digest'] = digest
 117         else:
 118             log.warning('Authenticating via jabber:iq:auth Plain.')
 119             iq['auth']['password'] = self.xmpp.password
 120
 121         # Step 3: Send credentials
 122         try:
 123             result = iq.send()
 124         except IqError as err:
 125             log.info("Authentication failed")
 126             self.xmpp.event("failed_auth")
 127             self.xmpp.disconnect()
 128         except IqTimeout:
 129             log.info("Authentication failed")
 130             self.xmpp.event("failed_auth")
 131             self.xmpp.disconnect()
 132
 133         self.xmpp.features.add('auth')
 134
 135         self.xmpp.authenticated = True
 136
 137         self.xmpp.boundjid = JID(self.xmpp.requested_jid,
 138                 resource=resource,
 139                 cache_lock=True)
 140         self.xmpp.event('session_bind', self.xmpp.boundjid)
 141
 142         log.debug("Established Session")
 143         self.xmpp.sessionstarted = True
 144         self.xmpp.event('session_start')
 145
 146         return True