Stream: IQ handling: Accept responses without 'from' attribute (#556)

See https://xmpp.org/rfcs/rfc6120.html#stanzas-attributes-from-c2s point 3

1 files changed, 11 insertions, 3 deletions

diff --git a/src/base/QXmppStream.cpp b/src/base/QXmppStream.cpp
index a4921a43..4e7c7276 100644
--- a/src/base/QXmppStream.cpp
+++ b/src/base/QXmppStream.cpp
@@ -481,10 +481,18 @@ bool QXmppStream::handleIqResponse(const QDomElement &stanza)
         return false;
     }
 
-    if (auto itr = d->runningIqs.find(stanza.attribute(QStringLiteral("id")));
+    const auto id = stanza.attribute(QStringLiteral("id"));
+    if (auto itr = d->runningIqs.find(id);
         itr != d->runningIqs.end()) {
-        if (stanza.attribute("from") != itr.value().jid) {
-            warning(QStringLiteral("Received IQ response to one of our requests from wrong sender. Ignoring."));
+        const auto expectedFrom = itr.value().jid;
+        // Check that the sender of the response matches the recipient of the request.
+        // Stanzas coming from the server on behalf of the user's account must have no "from"
+        // attribute or have it set to the user's bare JID.
+        // If 'from' is empty, the IQ has been sent by the server. In this case we don't need to
+        // do the check as we trust the server anyways.
+        if (const auto from = stanza.attribute("from"); !from.isEmpty() && from != expectedFrom) {
+            warning(QStringLiteral("Ignored received IQ response to request '%1' because of wrong sender '%2' instead of expected sender '%3'")
+                        .arg(id, from, expectedFrom));
             return false;
         }