From 27d8902b8e38dd459f0b69dc9f17ebf6ad3e2059 Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Thu, 13 Sep 2018 16:35:48 +0100
Subject: util.stanza: Don't automatically generate ids for iq stanzas

Users of this API should provide their own id attribute that meets their
uniqueness requirements.

The current implementation leaks information (i.e. how many iq stanzas
have been sent by the server to other JIDs). Providing any strong
guarantees of randomness here would need to pull in additional
dependencies that we don't want in this simple library.
---
 spec/util_stanza_spec.lua | 17 ++++++++++++++---
 util/stanza.lua           | 13 ++++---------
 2 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/spec/util_stanza_spec.lua b/spec/util_stanza_spec.lua
index 4263923d..dcbd6cf8 100644
--- a/spec/util_stanza_spec.lua
+++ b/spec/util_stanza_spec.lua
@@ -84,9 +84,20 @@ describe("util.stanza", function()
 	end);
 
 	describe("#iq()", function()
-		it("should work", function()
-			local i = st.iq();
-			assert.are.equal(i.name, "iq");
+		it("should create an iq stanza", function()
+			local i = st.iq({ id = "foo" });
+			assert.are.equal("iq", i.name);
+			assert.are.equal("foo", i.attr.id);
+		end);
+
+		it("should reject stanzas with no id", function ()
+			assert.has.error_match(function ()
+				local i = st.iq();
+			end, "id attribute");
+
+			assert.has.error_match(function ()
+				local i = st.iq({ foo = "bar" });
+			end, "id attribute");
 		end);
 	end);
 
diff --git a/util/stanza.lua b/util/stanza.lua
index f08baef7..79522ed5 100644
--- a/util/stanza.lua
+++ b/util/stanza.lua
@@ -347,12 +347,6 @@ function stanza_mt.get_error(stanza)
 	return error_type, condition or "undefined-condition", text;
 end
 
-local id = 0;
-local function new_id()
-	id = id + 1;
-	return "lx"..id;
-end
-
 local function preserialize(stanza)
 	local s = { name = stanza.name, attr = stanza.attr };
 	for _, child in ipairs(stanza) do
@@ -430,8 +424,10 @@ local function message(attr, body)
 	end
 end
 local function iq(attr)
-	if attr and not attr.id then attr.id = new_id(); end
-	return new_stanza("iq", attr or { id = new_id() });
+	if not (attr and attr.id) then
+		error("iq stanzas require an id attribute");
+	end
+	return new_stanza("iq", attr);
 end
 
 local function reply(orig)
@@ -502,7 +498,6 @@ return {
 	stanza_mt = stanza_mt;
 	stanza = new_stanza;
 	is_stanza = is_stanza;
-	new_id = new_id;
 	preserialize = preserialize;
 	deserialize = deserialize;
 	clone = clone;
-- 
cgit v1.2.3