xmppjs · singpolyma · Nov 21, 2023 · Nov 21, 2023 · Nov 21, 2023 · Nov 21, 2023
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -52,7 +52,7 @@
   "bundlesize": [
     {
       "path": "./packages/client/dist/xmpp.min.js",
-      "maxSize": "16 KB"
+      "maxSize": "17 KB"
     }
   ],
   "lint-staged": {

diff --git a/packages/client/browser.js b/packages/client/browser.js
@@ -12,6 +12,7 @@ const _iqCallee = require("@xmpp/iq/callee");
 const _resolve = require("@xmpp/resolve");
 
 // Stream features - order matters and define priority
+const _sasl2 = require("@xmpp/sasl2");
 const _sasl = require("@xmpp/sasl");
 const _resourceBinding = require("@xmpp/resource-binding");
 const _sessionEstablishment = require("@xmpp/session-establishment");
@@ -23,6 +24,7 @@ const plain = require("@xmpp/sasl-plain");
 
 function client(options = {}) {
   const { resource, credentials, username, password, ...params } = options;
+  const { clientId, software, device } = params;
 
   const { domain, service } = params;
   if (!domain && service) {
@@ -40,11 +42,17 @@ function client(options = {}) {
   const iqCallee = _iqCallee({ middleware, entity });
   const resolve = _resolve({ entity });
   // Stream features - order matters and define priority
+  const sasl2 = _sasl2(
+    { streamFeatures },
+    credentials || { username, password },
+    { clientId, software, device },
+  );
   const sasl = _sasl({ streamFeatures }, credentials || { username, password });
   const streamManagement = _streamManagement({
     streamFeatures,
     entity,
     middleware,
+    sasl2,
   });
   const resourceBinding = _resourceBinding(
     { iqCaller, streamFeatures },
@@ -55,9 +63,10 @@ function client(options = {}) {
     streamFeatures,
   });
   // SASL mechanisms - order matters and define priority
-  const mechanisms = Object.entries({ plain, anonymous }).map(([k, v]) => ({
-    [k]: v(sasl),
-  }));
+  const mechanisms = Object.entries({
+    plain,
+    anonymous,
+  }).map(([k, v]) => ({ [k]: [v(sasl2), v(sasl)] }));
 
   return Object.assign(entity, {
     entity,
@@ -68,6 +77,7 @@ function client(options = {}) {
     iqCaller,
     iqCallee,
     resolve,
+    sasl2,
     sasl,
     resourceBinding,
     sessionEstablishment,

diff --git a/packages/client/index.js b/packages/client/index.js
@@ -15,18 +15,21 @@ const _resolve = require("@xmpp/resolve");
 
 // Stream features - order matters and define priority
 const _starttls = require("@xmpp/starttls/client");
+const _sasl2 = require("@xmpp/sasl2");
 const _sasl = require("@xmpp/sasl");
 const _resourceBinding = require("@xmpp/resource-binding");
 const _sessionEstablishment = require("@xmpp/session-establishment");
 const _streamManagement = require("@xmpp/stream-management");
 
 // SASL mechanisms - order matters and define priority
 const scramsha1 = require("@xmpp/sasl-scram-sha-1");
+const htsha256 = require("@xmpp/sasl-ht-sha-256-none");
 const plain = require("@xmpp/sasl-plain");
 const anonymous = require("@xmpp/sasl-anonymous");
 
 function client(options = {}) {
   const { resource, credentials, username, password, ...params } = options;
+  const { clientId, software, device } = params;
 
   const { domain, service } = params;
   if (!domain && service) {
@@ -47,11 +50,17 @@ function client(options = {}) {
   const resolve = _resolve({ entity });
   // Stream features - order matters and define priority
   const starttls = _starttls({ streamFeatures });
+  const sasl2 = _sasl2(
+    { streamFeatures },
+    credentials || { username, password },
+    { clientId, software, device },
+  );
   const sasl = _sasl({ streamFeatures }, credentials || { username, password });
   const streamManagement = _streamManagement({
     streamFeatures,
     entity,
     middleware,
+    sasl2,
   });
   const resourceBinding = _resourceBinding(
     { iqCaller, streamFeatures },
@@ -64,9 +73,10 @@ function client(options = {}) {
   // SASL mechanisms - order matters and define priority
   const mechanisms = Object.entries({
     scramsha1,
+    htsha256,
     plain,
     anonymous,
-  }).map(([k, v]) => ({ [k]: v(sasl) }));
+  }).map(([k, v]) => ({ [k]: [v(sasl2), v(sasl)] }));
 
   return Object.assign(entity, {
     entity,
@@ -80,6 +90,7 @@ function client(options = {}) {
     iqCallee,
     resolve,
     starttls,
+    sasl2,
     sasl,
     resourceBinding,
     sessionEstablishment,

diff --git a/packages/client/package.json b/packages/client/package.json
@@ -16,10 +16,12 @@
     "@xmpp/reconnect": "^0.13.2",
     "@xmpp/resolve": "^0.13.2",
     "@xmpp/resource-binding": "^0.13.2",
+    "@xmpp/sasl2": "^0.13.0",
     "@xmpp/sasl": "^0.13.2",
     "@xmpp/sasl-anonymous": "^0.13.2",
     "@xmpp/sasl-plain": "^0.13.2",
     "@xmpp/sasl-scram-sha-1": "^0.13.2",
+    "@xmpp/sasl-ht-sha-256-none": "^0.13.0",
     "@xmpp/session-establishment": "^0.13.2",
     "@xmpp/starttls": "^0.13.2",
     "@xmpp/stream-features": "^0.13.2",

diff --git a/packages/connection/index.js b/packages/connection/index.js
@@ -258,6 +258,13 @@ class Connection extends EventEmitter {
 
     const headerElement = this.headerElement();
     headerElement.attrs.to = domain;
+    if (
+      this.socket.secure &&
+      this.socket.secure() &&
+      (this.streamFrom || this.jid)
+    ) {
+      headerElement.attrs.from = (this.streamFrom || this.jid).toString();
+    }
     headerElement.attrs["xml:lang"] = lang;
     this.root = headerElement;
 

diff --git a/packages/sasl-ht-sha-256-none/index.js b/packages/sasl-ht-sha-256-none/index.js
@@ -0,0 +1,28 @@
+"use strict";
+
+var createHmac = require("create-hmac");
+
+function Mechanism() {}
+
+Mechanism.prototype.Mechanism = Mechanism;
+Mechanism.prototype.name = "HT-SHA-256-NONE";
+Mechanism.prototype.clientFirst = true;
+
+Mechanism.prototype.response = (cred) => {
+  this.password = cred.password;
+  const hmac = createHmac("sha256", this.password);
+  hmac.update("Initiator");
+  return cred.username + "\0" + hmac.digest("latin1");
+};
+
+Mechanism.prototype.final = (data) => {
+  const hmac = createHmac("sha256", this.password);
+  hmac.update("Responder");
+  if (hmac.digest("latin1") !== data) {
+    throw "Responder message from server was wrong";
+  }
+};
+
+module.exports = function sasl2(sasl) {
+  sasl.use(Mechanism);
+};
diff --git a/packages/sasl-ht-sha-256-none/package.json b/packages/sasl-ht-sha-256-none/package.json
@@ -0,0 +1,23 @@
+{
+  "name": "@xmpp/sasl-ht-sha-256-none",
+  "description": "XMPP SASL HT-SHA-256-NONE for JavaScript",
+  "repository": "github:xmppjs/xmpp.js",
+  "homepage": "https://github.com/xmppjs/xmpp.js/tree/main/packages/sasl-ht-sha-256-none",
+  "bugs": "http://github.com/xmppjs/xmpp.js/issues",
+  "version": "0.13.0",
+  "license": "ISC",
+  "keywords": [
+    "XMPP",
+    "sasl",
+    "plain"
+  ],
+  "dependencies": {
+    "create-hmac": "^1.1.7"
+  },
+  "engines": {
+    "node": ">= 14"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}
diff --git a/packages/sasl/test.js b/packages/sasl/test.js
@@ -153,8 +153,6 @@ test("use ANONYMOUS if username and password are not provided", async (t) => {
 });
 
 test("with whitespaces", async (t) => {
-  console.log("truc");
-
   const { entity } = mockClient();
 
   entity.mockInput(

diff --git a/packages/sasl2/README.md b/packages/sasl2/README.md
@@ -0,0 +1,79 @@
+# SASL
-# SASL
+# SASL2
-# SASL
+# SASL2
+
+SASL2 Negotiation for `@xmpp/client` (including optional BIND2 and FAST).
+
+Note that if you set clientId then BIND2 will be used so you will not get offline messages (and are expected to do a MAM sync instead if you want that).
+
+Included and enabled in `@xmpp/client`.
+
+## Usage
+
+### object
+
+```js
+const {xmpp} = require('@xmpp/client')
+const client = xmpp({credentials: {
+  username: 'foo',
+  password: 'bar',
+  clientId: "Some UUID for this client/server pair (optional)",
+  software: "Name of this software (optional)",
+  device: "Description of this device (optional)",
+})
+```
+
+### function
+
+Instead, you can provide a function that will be called every time authentication occurs (every (re)connect).
+
+Uses cases:
+
+- Have the user enter the password every time
+- Do not ask for password before connection is made
+- Debug authentication
+- Using a SASL mechanism with specific requirements (such as FAST)
+- Perform an asynchronous operation to get credentials
+
+```js
+const { xmpp } = require("@xmpp/client");
+const client = xmpp({
+  credentials: authenticate,
+  clientId: "Some UUID for this client/server pair (optional)",
+  software: "Name of this software (optional)",
+  device: "Description of this device (optional)",
+});
+
+async function authenticate(callback, mechanisms) {
+  const fast = mechanisms.find((mech) => mech.canFast)?.name;
+  const mech = mechanisms.find((mech) => mech.canOther)?.name;
+
+  if (fast) {
+    const [token, count] = await db.lookupFast(clientId);
+    if (token) {
+      await db.incrementFastCount(clientId);
+      return callback(
+        {
+          username: await prompt("enter username"),
+          password: token,
+          fastCount: count,
+        },
+        fast,
+      );
+    }
+  }
+
+  return callback(
+    {
+      username: await prompt("enter username"),
+      password: await prompt("enter password"),
+      requestToken: fast,
+    },
+    mech,
+  );
+}
+```
+
+## References
+
+[SASL2](https://xmpp.org/extensions/xep-0388.html)
+[BIND2](https://xmpp.org/extensions/xep-0386.html)
+[FAST](https://xmpp.org/extensions/inbox/xep-fast.html)