Page MenuHomePhabricator

TODO
No OneTemporary

High priority
-------------
1. Log all server and basic access messages to syslog and keep verbose
logging (headers,bodies) in var/log/openxcap/
2. Log the whole HTTP URI as seen by the client
3. Add a server configuration option called 'check_rls_documents' to check
the sanity of the content of RLS documents. As these docuemnts are
expanded by the Presence agent is important that the end-user to not
provision unsafe data for the server.
if check_rls_documents is not defined or is 'none' do nothing
if check_rls_documents = 'safe' do the following checks
a) the service-uri must be formated as: sip:listname-buddies@domain.com
b) the one elements must not point to another service-uri (do not contain -buddies@)
c) External references to resource-lists or other http URIs are not allowed
d) The document must contain only individual sip uri entries user@domain
if check_rls_documents = 'OMA' do the following checks:
a) the service-uri must be formated as: sip:username@domain.com;pres-list=id
b) The service may contain only one <resource-list> element pointing
to an existing resource list document on the same server:
http://domain/xcap-root/resource-lists/users/sip:alice@domain/index/~~/resource-lists/list[@name="id"]
c) The XCAP root part of point b) must match the XCAP root used to access this
RLS services document
d) The resource list named 'id' must exists
4. Validation after put/delete attribute
5. Add SIP client support to OpenXCAP to send PUBLISH for xcap-diff event.
Modify OpenSIPS to perform refreshWatchers() when the PUBLISH is received.
Low priority
------------
1. Add xcap-directory application to list the documents for a given user
2. Allow port in root= settings, thus making port= parameter unnecessary.
Make sure that when listening on non-default port valid URIs are logged (see prev. issue)
Inside, always use xcap root with port (if non-default), i.e. put port in logs, xcap-diff docs
3. Change default port for https:// to 443 (currently is 8000). Keep the
default port for http:// 8000 for backward compatibility.
4. Test suite: validate after each GET, test well-formedness of the received
elements.
5. Finish global/users: test that all possible combinations (global/users
GET/PUT/DELETE each app) return reasonable error
6. global + digest auth = not implemented
7. URIs in att_value. Should differently encoded be considered equal?
Note, that there're 2 encodings: percent-encoding, and xml attribute encoding (i.e. &quot; and friends)
Resource Lists RFC features example document with http URI that has percent-encoding in it.
Does that mean that to match against it, percents in the URI should be themselves percent-encoded?
Or XCAP server should use its knowledge about the app and figure out that URIs are equivalent.
This may be unreliable if it's unknown whether this URI was percent-encoded or not. Why
that URI was percent encoded in the first place, why not paste it in the documents as it is, using
XML escaping where necessary.
Make few simple xpath expressions that include that URI as att_value and post it SIMPLE mailing list.
8. Errors from twisted are text/html and from xcap are text/plain: use one
(text/plain?)

File Metadata

Mime Type
text/plain
Expires
Sat, Nov 23, 8:09 AM (1 d, 14 h)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3409039
Default Alt Text
TODO (3 KB)

Event Timeline