From f9ed34db4d1d38e2c1e657b5a2dd6e8e6884d17e Mon Sep 17 00:00:00 2001
From: Stu Tomlinson
Date: Fri, 13 Jul 2018 19:15:17 +0100
Subject: [PATCH] Enforce pubsub option required/rejected attributes

XEP-0060 states that 'node' and 'jid' attributes to element MUST NOT be included when are specified at same time as : https://xmpp.org/extensions/xep-0060.html#subscriber-configure-subandconfig mod_pubsub will require 'node' and 'jid' attributes on standalone pubsub options requests, and reject subscribe requests that have options that include either 'node' or 'jid'
---
 rebar.config | 2 +-
 src/mod_pubsub.erl | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/rebar.config b/rebar.config
index df49ede73..4a32eac44 100644
--- a/rebar.config
+++ b/rebar.config
@@ -25,7 +25,7 @@
 {fast_tls, ".*", {git, "https://github.com/processone/fast_tls", {tag, "1.0.23"}}},
 {stringprep, ".*", {git, "https://github.com/processone/stringprep", {tag, "1.0.12"}}},
 {fast_xml, ".*", {git, "https://github.com/processone/fast_xml", {tag, "1.1.32"}}},
- {xmpp, ".*", {git, "https://github.com/processone/xmpp", "c98ee04"}},
+ {xmpp, ".*", {git, "https://github.com/processone/xmpp", "007a716"}},
 {fast_yaml, ".*", {git, "https://github.com/processone/fast_yaml", {tag, "1.0.15"}}},
 {jiffy, ".*", {git, "https://github.com/davisp/jiffy", {tag, "0.14.8"}}},
 {p1_oauth2, ".*", {git, "https://github.com/processone/p1_oauth2", {tag, "0.6.3"}}},
diff --git a/src/mod_pubsub.erl b/src/mod_pubsub.erl
index d96933e11..e50466d00 100644
--- a/src/mod_pubsub.erl
+++ b/src/mod_pubsub.erl
@@ -1138,8 +1138,17 @@ iq_pubsub(Host, Access, #iq{from = From, type = IQType, lang = Lang,
 {set, #pubsub{subscribe = #ps_subscribe{node = Node, jid = JID},
 options = Options, _ = undefined}} ->
 Config = case Options of
- #ps_options{xdata = XData} ->
+ #ps_options{xdata = XData, jid = undefined, node = <<>>} ->
 decode_subscribe_options(XData, Lang);
+ #ps_options{xdata = _XData, jid = _JID, node = <<>>} ->
+ Txt = <<"jid not allowed here">>,
+ {error, xmpp:err_bad_request(Txt, Lang)};
+ #ps_options{xdata = _XData, jid = undefined, node = _NodeID} ->
+ Txt = <<"node not allowed here">>,
+ {error, xmpp:err_bad_request(Txt, Lang)};
+ #ps_options{xdata = _XData, jid = _JID, node = _NodeID} ->
+ Txt = <<"jid and node not allowed here">>,
+ {error, xmpp:err_bad_request(Txt, Lang)};
 _ ->
 []
 end,
@@ -1165,6 +1174,12 @@ iq_pubsub(Host, Access, #iq{from = From, type = IQType, lang = Lang,
 {get, #pubsub{affiliations = {Node, _}, _ = undefined}} ->
 Plugins = config(serverhost(Host), plugins),
 get_affiliations(Host, Node, From, Plugins);
+ {_, #pubsub{options = #ps_options{jid = undefined}, _ = undefined}} ->
+ Txt = <<"jid required">>,
+ {error, extended_error(xmpp:err_bad_request(Txt, Lang), err_jid_required())};
+ {_, #pubsub{options = #ps_options{node = <<>>}, _ = undefined}} ->
+ Txt = <<"nodeid required">>,
+ {error, extended_error(xmpp:err_bad_request(Txt, Lang), err_nodeid_required())};
 {get, #pubsub{options = #ps_options{node = Node, subid = SubId, jid = JID},
 _ = undefined}} ->
 get_options(Host, Node, JID, SubId, Lang);
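Review bot: In the subscribe-with-options hunk (@@ -1138), the three rejection clauses bind `{error, ...}` to `Config` instead of returning it, so the request is refused only if the code after `end,` checks for `{error, _}` before subscribing; that code is outside the hunk and should be confirmed. The accepting clause also treats `jid = undefined` and `node = <<>>` as "attribute not sent", which presumably relies on the `#ps_options{}` defaults in the xmpp revision bumped by this same patch, and it would let an explicit empty `node=''` through as if absent. A one-line comment above the first clause would record both assumptions, for example `%% XEP-0060: <options/> sent with <subscribe/> must not carry 'jid' or 'node'; undefined / <<>> are the record defaults`. The enclosing `case` in iq_pubsub starts and ends outside the hunk.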
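Review bot: In the standalone-options hunk (@@ -1165), the two new clauses enforce the rule only because they sit above the `{get, #pubsub{options = ...}}` clause and, presumably, a matching `set` clause further down outside the hunk; nothing in the code records that ordering requirement. A comment such as `%% Keep ahead of the get/set options clauses: standalone <options/> requires both 'jid' and 'node' (XEP-0060)` would keep a later reordering from silently dropping the check. When both attributes are missing only `jid required` is returned, which is worth stating in the same comment. The diffstat shows no test file, so the four new rejection paths appear to be uncovered.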