From b78acdcf965f7c4cc92daf93aca2a6c38e6e9341 Mon Sep 17 00:00:00 2001
From: Waqas Hussain <waqas20@gmail.com>
Date: Mon, 1 Jun 2009 15:09:42 +0500
Subject: stanza_router: Proper error for clients sending stanzas after auth
 but before resource binding

---
 core/stanza_router.lua | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/core/stanza_router.lua b/core/stanza_router.lua
index 7e7e3a43..001a9fd2 100644
--- a/core/stanza_router.lua
+++ b/core/stanza_router.lua
@@ -62,9 +62,10 @@ function core_process_stanza(origin, stanza)
 	end
 
 	if origin.type == "c2s" and not origin.full_jid
-		and not(stanza.name == "iq" and stanza.tags[1].name == "bind"
+		and not(stanza.name == "iq" and stanza.attr.type == "set" and stanza.tags[1] and stanza.tags[1].name == "bind"
 				and stanza.tags[1].attr.xmlns == "urn:ietf:params:xml:ns:xmpp-bind") then
-		error("Client MUST bind resource after auth");
+		-- authenticated client isn't bound and current stanza is not a bind request
+		origin.send(st.error_reply(stanza, "auth", "not-authorized")); -- FIXME maybe allow stanzas to account or server
 	end
 
 	-- TODO also, stanzas should be returned to their original state before the function ends
-- 
cgit v1.2.3