Prosody server doesn't send vCard tag, if no vCard exists. Is it a bug or it's ok?
According XEP-0053, if no vCard exists or the user does not exist, the server MUST return a stanza error, which SHOULD be either <service-unavailable/> or <item-not-found/> (but the server MUST return the same error condition in both cases to help prevent directory harvesting attacks).
Example from XEP
<iq id='v3'
to='stpeter@jabber.org/roundabout'
type='error'>
<vCard xmlns='vcard-temp'/>
<error type='cancel'>
<service-unavailable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
</error>
</iq>
Original code
- - - - -
if vCard then
session.send(st.reply(stanza):add_child(vCard)); -- send vCard!
else
session.send(st.error_reply(stanza, "cancel", "item-not-found"));
end
else
- - - - -
Patched code
- - - - -
if vCard then
session.send(st.reply(stanza):add_child(vCard)); -- send vCard!
else
session.send(st.error_reply(stanza, "cancel", "item-not-found"):up():tag("vCard", { xmlns = "vcard-temp" }));
end
else
- - - - -
prosodyctl about
Prosody 0.10 nightly build 206 (2016-01-29, bd29742fa1ba)
# Prosody directories
Data directory: /var/lib/prosody
Config directory: /etc/prosody
Source directory: /usr/lib64/prosody
Plugin directories:
/usr/lib64/prosody/modules/
# Lua environment
Lua version: Lua 5.1
Lua module search paths:
/usr/lib64/prosody/?.lua
/usr/share/lua/5.1/?.lua
/usr/share/lua/5.1/?/init.lua
/usr/lib64/lua/5.1/?.lua
/usr/lib64/lua/5.1/?/init.lua
Lua C module search paths:
/usr/lib64/prosody/?.so
/usr/lib64/lua/5.1/?.so
/usr/lib64/lua/5.1/loadall.so
LuaRocks: Not installed
# Lua module versions
lfs: LuaFileSystem 1.6.2
lxp: LuaExpat 1.3.0
socket: LuaSocket 3.0-rc1
ssl: 0.5.PR
Zash
on
The current behavior is valid.
According to XMPP-Core (RFC 6120), stanza errors can contain the original payload, so the <vCard> in the example you reference is copied from the iq-get in example 1.
http://xmpp.org/rfcs/rfc6120.html#stanzas-error-rules states:
The entity that returns an error stanza MAY include the original XML sent [...] however, this is a courtesy only and the originating entity MUST NOT depend on receiving the original payload
So this is optional and Prosody is free to not do it.
See also MattJs answer in #401 the same issue in a different error reply.
Prosody server doesn't send vCard tag, if no vCard exists. Is it a bug or it's ok? According XEP-0053, if no vCard exists or the user does not exist, the server MUST return a stanza error, which SHOULD be either <service-unavailable/> or <item-not-found/> (but the server MUST return the same error condition in both cases to help prevent directory harvesting attacks). Example from XEP <iq id='v3' to='stpeter@jabber.org/roundabout' type='error'> <vCard xmlns='vcard-temp'/> <error type='cancel'> <service-unavailable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/> </error> </iq> Original code - - - - - if vCard then session.send(st.reply(stanza):add_child(vCard)); -- send vCard! else session.send(st.error_reply(stanza, "cancel", "item-not-found")); end else - - - - - Patched code - - - - - if vCard then session.send(st.reply(stanza):add_child(vCard)); -- send vCard! else session.send(st.error_reply(stanza, "cancel", "item-not-found"):up():tag("vCard", { xmlns = "vcard-temp" })); end else - - - - - prosodyctl about Prosody 0.10 nightly build 206 (2016-01-29, bd29742fa1ba) # Prosody directories Data directory: /var/lib/prosody Config directory: /etc/prosody Source directory: /usr/lib64/prosody Plugin directories: /usr/lib64/prosody/modules/ # Lua environment Lua version: Lua 5.1 Lua module search paths: /usr/lib64/prosody/?.lua /usr/share/lua/5.1/?.lua /usr/share/lua/5.1/?/init.lua /usr/lib64/lua/5.1/?.lua /usr/lib64/lua/5.1/?/init.lua Lua C module search paths: /usr/lib64/prosody/?.so /usr/lib64/lua/5.1/?.so /usr/lib64/lua/5.1/loadall.so LuaRocks: Not installed # Lua module versions lfs: LuaFileSystem 1.6.2 lxp: LuaExpat 1.3.0 socket: LuaSocket 3.0-rc1 ssl: 0.5.PR
The current behavior is valid. According to XMPP-Core (RFC 6120), stanza errors can contain the original payload, so the <vCard> in the example you reference is copied from the iq-get in example 1. http://xmpp.org/rfcs/rfc6120.html#stanzas-error-rules states: The entity that returns an error stanza MAY include the original XML sent [...] however, this is a courtesy only and the originating entity MUST NOT depend on receiving the original payload So this is optional and Prosody is free to not do it. See also MattJs answer in #401 the same issue in a different error reply.
Changes