Enforce pubsub option required/rejected attributes

XEP-0060 states that 'node' and 'jid' attributes to <options> element MUST NOT
be included when <options> are specified at same time as <subscribe> :

https://xmpp.org/extensions/xep-0060.html#subscriber-configure-subandconfig

mod_pubsub will require 'node' and 'jid' attributes on standalone pubsub
options requests, and reject subscribe requests that have options that include
either 'node' or 'jid'

diff --git a/rebar.config b/rebar.config
index df49ede739b8b45184c39d72cc833404eba86444..4a32eac442a19109f70d7bc38c52f19b7429c517 100644 (file)
--- a/rebar.config
+++ b/rebar.config
@@ -25,7 +25,7 @@
         {fast_tls, ".*", {git, "https://github.com/processone/fast_tls", {tag, "1.0.23"}}},
         {stringprep, ".*", {git, "https://github.com/processone/stringprep", {tag, "1.0.12"}}},
         {fast_xml, ".*", {git, "https://github.com/processone/fast_xml", {tag, "1.1.32"}}},
-        {xmpp, ".*", {git, "https://github.com/processone/xmpp", "c98ee04"}},
+        {xmpp, ".*", {git, "https://github.com/processone/xmpp", "007a716"}},
         {fast_yaml, ".*", {git, "https://github.com/processone/fast_yaml", {tag, "1.0.15"}}},
         {jiffy, ".*", {git, "https://github.com/davisp/jiffy", {tag, "0.14.8"}}},
         {p1_oauth2, ".*", {git, "https://github.com/processone/p1_oauth2", {tag, "0.6.3"}}},

diff --git a/src/mod_pubsub.erl b/src/mod_pubsub.erl
index d96933e11440b5a91b14976fd0b926556da6839b..e50466d0037e7c8ad473c3abdc706c937ce4552f 100644 (file)
--- a/src/mod_pubsub.erl
+++ b/src/mod_pubsub.erl
@@ -1138,8 +1138,17 @@ iq_pubsub(Host, Access, #iq{from = From, type = IQType, lang = Lang,
        {set, #pubsub{subscribe = #ps_subscribe{node = Node, jid = JID},
                      options = Options, _ = undefined}} ->
            Config = case Options of
-                        #ps_options{xdata = XData} ->
+                        #ps_options{xdata = XData, jid = undefined, node = <<>>} ->
                             decode_subscribe_options(XData, Lang);
+                        #ps_options{xdata = _XData, jid = _JID, node = <<>>} ->
+                            Txt = <<"jid not allowed here">>,
+                            {error, xmpp:err_bad_request(Txt, Lang)};
+                        #ps_options{xdata = _XData, jid = undefined, node = _NodeID} ->
+                            Txt = <<"node not allowed here">>,
+                            {error, xmpp:err_bad_request(Txt, Lang)};
+                        #ps_options{xdata = _XData, jid = _JID, node = _NodeID} ->
+                            Txt = <<"jid and node not allowed here">>,
+                            {error, xmpp:err_bad_request(Txt, Lang)};
                         _ ->
                             []
                     end,
@@ -1165,6 +1174,12 @@ iq_pubsub(Host, Access, #iq{from = From, type = IQType, lang = Lang,
        {get, #pubsub{affiliations = {Node, _}, _ = undefined}} ->
            Plugins = config(serverhost(Host), plugins),
            get_affiliations(Host, Node, From, Plugins);
+       {_, #pubsub{options = #ps_options{jid = undefined}, _ = undefined}} ->
+           Txt = <<"jid required">>,
+           {error, extended_error(xmpp:err_bad_request(Txt, Lang), err_jid_required())};
+       {_, #pubsub{options = #ps_options{node = <<>>}, _ = undefined}} ->
+           Txt = <<"nodeid required">>,
+           {error, extended_error(xmpp:err_bad_request(Txt, Lang), err_nodeid_required())};
        {get, #pubsub{options = #ps_options{node = Node, subid = SubId, jid = JID},
                      _ = undefined}} ->
            get_options(Host, Node, JID, SubId, Lang);