# HG changeset patch
# User Waqas Hussain
# Date 1223480236 -18000
# Node ID 972e31cc91e8e5e57d3c5b6d9de042230b038383
# Parent 531b981f2d17700eed44486d8b251412b5fe99d9
Fized: Added check to ensure that resource binding is done after auth.
diff -r 531b981f2d17 -r 972e31cc91e8 core/stanza_router.lua
--- a/core/stanza_router.lua Wed Oct 08 19:30:35 2008 +0500
+++ b/core/stanza_router.lua Wed Oct 08 20:37:16 2008 +0500
@@ -16,6 +16,13 @@
 function core_process_stanza(origin, stanza)
 log("debug", "Received: "..tostring(stanza))
 -- TODO verify validity of stanza (as well as JID validity)
+
+ if origin.type == "c2s" and not origin.full_jid
+ and not(stanza.name == "iq" and stanza.tags[1] and stanza.tags[1].name == "bind"
+ and stanza.tags[1].attr.xmlns == "urn:ietf:params:xml:ns:xmpp-bind") then
+ error("Client MUST bind resource after auth");
+ end
+
 local to = stanza.attr.to;
 stanza.attr.from = origin.full_jid -- quick fix to prevent impersonation
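Review bot: The new guard rejects a stanza from an unbound c2s session with `error("Client MUST bind resource after auth")`, so any client can raise a Lua error inside core_process_stanza just by sending a stanza before binding; whether that error is contained depends on a pcall in the caller, which is not visible here. Treating it as an expected protocol violation would be safer: `log("debug", "Client MUST bind resource after auth"); return;`, ideally after sending the client a not-authorized error. The condition also tests only `origin.type == "c2s"` and `origin.full_jid`, so sessions of any other type presumably still reach `stanza.attr.from = origin.full_jid` with a nil JID; a comment stating which session types are expected at this point would help. The body of core_process_stanza continues past the end of the hunk.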