Stream compression after sasl #616
Conversation
ludwikbukowski
commented
Dec 9, 2015
ludwikbukowski
commented
- fixed compresion advertising after tls negotiation.
- it's now possible to change negotation features order ( XEP-0170) due to Negotiation for Stream Compression ignored by server after SASL #242
- few more tests for tls, compression, autentication and bind order in connect_SUITE
- tests work with Sending works both with tls and zlib compression escalus#88
ludwikbukowski
force-pushed
the
stream-compression-after-SASL
branch
2 times, most recently
from
2e16000 to
ab60c8c
Compare
|
I think you have to change |
| stream_start_features_before_bind(S); | ||
| {_, _} -> | ||
| {_, <<>>, _} -> | ||
| stream_start_features_before_auth(S); |
There was a problem hiding this comment.
In this branch the user is authenticated so it's misleading to use function named *_before_auth (even if the output is the same). Maybe the function name should be changed to reflect both cases.
There was a problem hiding this comment.
You're right it can lead to confusion
ludwikbukowski
force-pushed
the
stream-compression-after-SASL
branch
3 times, most recently
from
8505806 to
e85a282
Compare
| Value. | ||
|
|
||
| %% tests for different order feature negotiation | ||
| tls_compression_authenticate(Config) -> |
There was a problem hiding this comment.
According to XEP-0138 we shouldn't allow compression before authentication. It may be used by malicious and not-registered users to attack the server.
There was a problem hiding this comment.
Hence order of feature negotiation should be also changed in escalus_connection:start function:
https://github.com/esl/escalus/blob/master/src/escalus_connection.erl#L70
I've done it here esl/escalus#88
|
I will try do some code refactoring so its still WIP |
ludwikbukowski
force-pushed
the
stream-compression-after-SASL
branch
from
6dfb78b to
3349951
Compare
| @@ -772,7 +756,7 @@ wait_for_session_or_sm({xmlstreamelement, El}, StateData0) -> | |||
| #iq{type = set, xmlns = ?NS_SESSION} -> | |||
| maybe_open_session(El, StateData); | |||
| _ -> | |||
| fsm_next_state(wait_for_session_or_sm, StateData) | |||
| maybe_do_compress(El, wait_for_session_or_sm, StateData) | |||
There was a problem hiding this comment.
I think we should end up in the same state after enabling the compression, but this time compression shouldn't be allowed. How else the binding process will happen?
There was a problem hiding this comment.
Ah, sorry, forgot that you have to open session after enabling a feature... no comment then...
ludwikbukowski
force-pushed
the
stream-compression-after-SASL
branch
from
e898148 to
18be0ae
Compare
| @@ -734,7 +718,7 @@ wait_for_bind_or_resume({xmlstreamelement, El}, StateData) -> | |||
| StateData#state{resource = R, jid = JID}) | |||
| end; | |||
| _ -> | |||
| fsm_next_state(wait_for_bind_or_resume, StateData) | |||
| maybe_do_compress(El, wait_for_bind_or_resume, StateData) | |||
| end; | |||
|
|
|||
| wait_for_bind_or_resume(timeout, StateData) -> | |||
There was a problem hiding this comment.
I think this name is not valid any more. Now we can do bind or resume or compression here. How about naming it wait_for_feature_after_auth?
|
Why tests don't pass?
|
|
Alternatively, we can rebase this branch on top of |
ludwikbukowski
force-pushed
the
stream-compression-after-SASL
branch
4 times, most recently
from
56960ca to
546a708
Compare
| maybe_do_compress(El, NextState, StateData) -> | ||
| SockMod = (StateData#state.sockmod):get_sockmod(StateData#state.socket), | ||
| {Zlib, _} = StateData#state.zlib, | ||
| #xmlel{name = Name, attrs = Attrs, children = _} = El, |
There was a problem hiding this comment.
How about moving this matching to the function's head?
Also this part:
children = _
is redundant
| @@ -57,6 +60,13 @@ groups() -> | |||
| invalid_stream_namespace]}, | |||
| {pre_xmpp_1_0, [], [pre_xmpp_1_0_stream]}, | |||
| {starttls, test_cases()}, | |||
| {feature_order, [stream_features_test, | |||
There was a problem hiding this comment.
As we are in process of adopting parallel tests I strongly recommend using the parallel property for this group and escalus_fresh module. You can take a look at this SUITE [1] for inspiration how to use it (also outside story - test case server_announces_csi).
|
Additionally I have a general comment/tip. Please set your IDE to use 4 spaces for tab and re-indent your changes. Currently you have 2 spaces. |
Introduce a suite to test the order of stream feature advertisment and negotiation. To begin with test the stream compression feature.
…to negotiate compression after tls. There were matches on `tls` module which does not exist.
Fixed test for compression-authentication order Authentication before compression in stream_features_test
* Introducing state "wait_for_feature_before_auth" instead of "wait_for_feature_request" * Introducing state "waif_for_feature_after_auth" instead of "wait_for_bind_or_resume"
ludwikbukowski
force-pushed
the
stream-compression-after-SASL
branch
from
546a708 to
b4e811c
Compare
ludwikbukowski
force-pushed
the
stream-compression-after-SASL
branch
from
b4e811c to
629010e
Compare
