#1655 Groupchat creation / invitation malfunctioning

Reporter blindcoder
Owner Nobody
Stars ★ (1)
  • Type-Defect
  • Status-Accepted
  • Priority-Medium
  • Component-Community
  1. blindcoder on

    Hello. My family uses Conversations as their main communication medium. I am using Conversations from F-Droid, the rest of my family from Google Play. I host an XMPP server with prosody 0.11.2 on Debian, configuration attached later. We currently encounter an issue with creating / inviting to private group chats, within the server only, not crossing server boundaries. Steps to reproduce: Create private group chat invite 2 other people to group chat Expected result: Group chat should be created with both other people in the list of chat members and able to see and chat. Actual result: Group chat is created, but member list is empty. Steps taken to remedy so far: Force closing and restarting Conversations makes the members show up in the list of chat members, but the chat does not appear on other members' devices. I tested this by holding my wife's and my device next to each other. Members are shown an "Member (Offline)" even though the are "Online" in the chat overview and I can send them messages. Holding on a members name and tapping "Invite again" has solved membership for one member, but not another. Restarting prosody did nothing to remedy. Only way to get everyone into the channel is to force-close Conversations on every members device, start it again, then "Invite again" for that member. I've tried checking in debug logs, error logs and google the issue, but am at my wits end here. Versions of Conversation is latest from F-Droid and Google Play, respectively. Prosody 0.11.2. Prosody config attached. Actual domain replaced with "example.com", secrets replaced with "secret". root@gateway:/etc/prosody# cat prosody.cfg.lua admins = { "benjamin@example.com" } --use_libevent = true; modules_enabled = { -- Generally required "roster"; -- Allow users to have a roster. Recommended ;) "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. "tls"; -- Add support for secure TLS on c2s/s2s connections "dialback"; -- s2s dialback support "disco"; -- Service discovery -- Not essential, but recommended "private"; -- Private XML storage (for room bookmarks, etc.) "carbons"; -- Keep multiple clients in sync "pep"; -- Enables users to publish their avatar, mood, activity, playing music and more "blocklist"; -- Allow users to block communications with other users "vcard4"; -- User profiles (stored in PEP) "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard -- Nice to have "version"; -- Replies to server version requests "uptime"; -- Report how long server has been running "time"; -- Let others know the time here on this server "ping"; -- Replies to XMPP pings with pongs "register"; -- Allow users to register on this server using a client and change passwords "mam"; "csi_simple"; -- Simple Mobile optimizations -- Admin interfaces "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands -- HTTP modules --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" --"http_files"; -- Serve static files from a directory over HTTP "websocket"; -- Other specific functionality "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. "groups"; -- Shared roster support --"announce"; -- Send announcement to all online users --"welcome"; -- Welcome users who register accounts --"watchregistrations"; -- Alert admins of registrations --"motd"; -- Send a message to users when they log in --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. "http"; --"http_upload"; "http_upload_external"; "storage_sql"; "proxy65"; "cloud_notify"; "csi"; "turncredentials"; "auth_ldap"; "offline"; "smacks"; "blocking"; "block_strangers"; }; -- These modules are auto-loaded, but should you want -- to disable them then uncomment them here: modules_disabled = { -- "offline"; -- Store offline messages -- "c2s"; -- Handle client connections -- "s2s"; -- Handle server-to-server connections }; groups_file = "/etc/prosody/sharedgroups.txt" -- Disable account creation by default, for security -- For more information see http://prosody.im/doc/creating_accounts allow_registration = false; -- Debian: -- send the server to background. -- daemonize = true; -- Debian: -- Please, don't change this option since /var/run/prosody/ -- is one of the few directories Prosody is allowed to write to -- pidfile = "/var/run/prosody/prosody.pid"; proxy65_ports = { 5000 } proxy65_interfaces = { "*" } -- These are the SSL/TLS-related settings. If you don't want -- to use SSL/TLS, you may comment or remove this ssl = { key = "/etc/prosody/certs/privkey.pem"; certificate = "/etc/prosody/certs/fullchain.pem"; } https_ssl = { key = "/etc/prosody/certs/privkey.pem"; certificate = "/etc/prosody/certs/fullchain.pem"; } -- Force clients to use encrypted connections? This option will -- prevent clients from authenticating unless they are using encryption. c2s_require_encryption = false -- Force certificate authentication for server-to-server connections? -- This provides ideal security, but requires servers you communicate -- with to support encryption AND present valid, trusted certificates. -- NOTE: Your version of LuaSec must support certificate verification! -- For more information see http://prosody.im/doc/s2s#security s2s_secure_auth = false -- Many servers don't support encryption or have invalid or self-signed -- certificates. You can list domains here that will not be required to -- authenticate using certificates. They will be authenticated using DNS. --s2s_insecure_domains = { "gmail.com" } -- Even if you leave s2s_secure_auth disabled, you can still require valid -- certificates for some domains by specifying a list here. --s2s_secure_domains = { "jabber.org" } -- Select the authentication backend to use. The 'internal' providers -- use Prosody's configured data storage to store the authentication data. -- To allow Prosody to offer secure authentication mechanisms to clients, the -- default provider stores passwords in plaintext. If you do not trust your -- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed -- for information about using the hashed backend. -- authentication = "internal_plain" authentication = "ldap"; ldap_base = "cn=users,cn=accounts,dc=example,dc=com" ldap_rootdn = "uid=system,cn=sysaccounts,cn=etc,dc=example,dc=com" ldap_password = "secret" ldap_filter = "(&(mail=$user@$host)(memberOf=cn=prosody-user,cn=groups,cn=accounts,dc=example,dc=com))" ldap_server = "" ldap_tls = false ldap_scope = "subtree" ldap_admin_filter = "(&(mail=$user@$host)(memberOf=cn=prosody-admin,cn=groups,cn=accounts,dc=example,dc=com))" sql = { driver = "MySQL"; -- May also be "MySQL" or "SQLite3" (case sensitive!) database = "prosody_production"; -- The database name to use. For SQLite3 this the database filename (relative to the data storage directory). host = "mysql.example.com"; -- The address of the database server (delete this line for Postgres) port = 3306; -- For databases connecting over TCP username = "prosody"; -- The username to authenticate to the database password = "secret"; -- The password to authenticate to the database } storage = { archive = "sql"; -- archive2 = "sql"; } default_storage = "sql"; storage = "sql"; archive_expires_after = "6m"; -- Logging configuration -- For advanced logging see http://prosody.im/doc/logging -- -- Debian: -- Logs info and higher to /var/log -- Logs errors to syslog also log = { -- Log files (change 'info' to 'debug' for debug logs): info = "/var/log/prosody/prosody.log"; error = "/var/log/prosody/prosody.err"; -- Syslog: { levels = { "error" }; to = "syslog"; }; } push_notification_with_body = false; push_notification_with_sender = true; push_max_errors = 16; push_notification_important_body = "Neue Nachricht(en)"; push_max_devices = 5; -- http_upload_external http_upload_external_base_url = "https://www.anderdonau.de/share.php/" http_upload_external_secret = 'secret'; http_upload_external_protocol = "v2"; http_upload_external_file_size_limit = 100*1024*1024; turncredentials_host = "jabber.anderdonau.de"; turncredentials_secret = "secret"; Include "conf.d/*.cfg.lua" root@gateway:/etc/prosody# cat conf.d/anderdonau.de.cfg.lua VirtualHost "example.com" http_host = "hydra.example.com" enabled = true -- Remove this line to enable this host log = "/var/log/prosody.log" data_path = "/var/lib/prosody" allow_registration = false interfaces = { "", "::" } -- Assign this host a certificate for TLS, otherwise it would use the one -- set in the global section (if any). ssl = { key = "/etc/prosody/certs/privkey.pem"; certificate = "/etc/prosody/certs/fullchain.pem"; } https_ssl = { key = "/etc/prosody/certs/privkey.pem"; certificate = "/etc/prosody/certs/fullchain.pem"; } admins = { "benjamin@example.com" } ldap_base = "cn=users,cn=accounts,dc=example,dc=com" ldap_rootdn = "uid=system,cn=sysaccounts,cn=etc,dc=example,dc=com" ldap_password = "secret" ldap_filter = "(&(mail=$user@$host)(memberOf=cn=prosody-user,cn=groups,cn=accounts,dc=example,dc=com))" ldap_server = "" ldap_tls = false ldap_scope = "subtree" ldap_admin_filter = "(&(mail=$user@$host)(memberOf=cn=prosody-admin,cn=groups,cn=accounts,dc=example,dc=com))" default_storage = "sql"; storage = "sql"; archive_expires_after = "6m"; ------ Components ------ -- You can specify components to add hosts that provide special services, -- like multi-user conferences, and transports. -- For more information on components, see http://prosody.im/doc/components Component "conference.example.com" "muc" name = "Example.com Chatrooms" restrict_room_creation = "local" max_history_messages = 200 modules_enabled = { "muc_mam"; } muc_log_by_default = true muc_log_presences = true Component "proxy.example.com" "proxy65" proxy65_address = "upload.example.com" proxy65_acl = { "example.com" }

  2. blindcoder on

    Getting same result with Xabber <==> Conversations, both as inviter and invited.

  3. MattJ on

    Hi, thanks for the report! It would be really helpful if you could confirm whether this problem occurs on the latest version of Prosody. There have been a bunch of fixes and improvements to MUC in the 6 releases since 0.11.2. For Debian you can try installing Prosody 0.11.8 from backports. We also provide a package repository that always has the latest release: https://prosody.im/download/package_repository#debianubuntu Also ensure that you and the the recipients are on the latest version of Conversations. Thanks!

    • tags Status-NeedInfo
  4. blindcoder on

    Thank you, I just followed that. Conversations is up to date on all devices used in this test. From prosody.log now: May 10 11:31:54 startup info Hello and welcome to Prosody version 0.11.8 It's gotten better, but not quite fixed. The following "works" kinda: - Create groupchat and invite members - Member list is empty - Force close and restart Conversations on device that created the group chat - Member list populated, everyone listed as "Member (Offline)" - Restart Prosody (possibly just restart Conversations on all devices, couldn't test that atm) - Everyone is in the group chat now correctly

  5. blindcoder on

    Btw, I used a completely new group chat here, deleting the one used previously.

  6. MattJ on

    Thanks for re-testing! Your configuration looks okay, but could you test one more thing? Try without mod_block_strangers loaded. My theory is that this may be blocking invitations from the MUC to the users. Only then I'm not sure why it would work after a restart...

  7. blindcoder on

    Wow, that's it. I just double and triple checked. Disabling mod_block_strangers fixes this for good. I'll temporarily disable itn on my server, had to enable it a while back with incoming contact spam. At least we found the issue, let me know if I can help fixing it for good so that block_strangers works again.

  8. Zash on

    So mod_block_strangers broke it? This module, in its current form, is known to break things very badly. It should probably be deleted, fixed or at least given a big scary warning.

    • tags Component-Community Status-Accepted

New comment

Not published. Used for spam prevention and optional update notifications.