Opened 5 years ago

Closed 5 years ago

#15749 closed defect (invalid)

Pidgin is not showing Facebook Contact List

Reported by: superichy Owned by: deryni
Milestone: Component: XMPP
Version: 2.10.7 Keywords: contacts facebook issue
Cc:

Description

Hi team, I have installed Pidgin 2.10.7 (libpurple 2.10.7); on Linux Mint 13 Maya (with MATE desktop);

I have configured MSN and GTALK accounts and everything is right with both contact list.

I added a Facebook account and is succefully conected, my contacts can see me and send me messages, however I can't have the list of them on my contact list,

any help please...?

PS: I'm not using any "strange" addon. I'm using guifications and the Facebook popups don't appear neither,

thank you very in advance,

Richy

PS2: I tried kopete instant messenger and YES it could show all my Facebook contacts

Attachments (1)

debug-log (60 bytes) - added by superichy 5 years ago.

Download all attachments as: .zip

Change History (9)

Changed 5 years ago by superichy

comment:1 Changed 5 years ago by datallah

Here's what's happening:

We request the roster:

<iq type='get' id='purple5a97b6c8'><query xmlns='jabber:iq:roster'/></iq>

The server replies with:

<iq from='chat.facebook.com' id='purple5a97b6c8' to='-12345@chat.facebook.com/Pidgin' type='result'>
    <query xmlns='jabber:iq:roster'>
        <item jid='-67890chat.facebook.com' name='Your Buddy Name' subscription='both'><group>Facebook Friends</group></item>
...
    </query>
</iq>

The appropriate value for "from" is defined in Section 8.1.2.1 of RFC 6120.

The way I read it (and I checked with the folks in the XMPP conference room (jdev@…)), facebook isn't sending a valid iq response.

"Rule 3" is in effect because the roster response is something requested by the client. This means that the correct value for "from" should be either the current user's bare JID (e.g. "-12345@…") or the attribute should be omitted altogether (which is what most other servers seem to do).

Pidgin is discarding the response because the "from" attribute isn't valid - this is done for security reasons so that your roster can't be spoofed by a malicious client.

comment:2 follow-up: Changed 5 years ago by datallah

I reported this to the Facebook Developer Relations Group (unfortunately only visible to group members), and was told that it would be fixed. I don't know the timeframe though.

comment:3 in reply to: ↑ 2 Changed 5 years ago by superichy

Replying to datallah:

I reported this to the Facebook Developer Relations Group (unfortunately only visible to group members), and was told that it would be fixed. I don't know the timeframe though.

Hi datallah, thanks for helping... I've deleted and created my Facebook account several times and the problem persists. (Always the same problem) My FB contacts are not shown, but they are able to see me online and send me messages, keep in touch please,

thanks,

Richy

Last edited 5 years ago by superichy (previous) (diff)

comment:4 follow-up: Changed 5 years ago by datallah

I don't understand why you think that anything you do will have an effect on this. There is a bug in the facebook server that's causing this and the problem won't go away until they fix it.

comment:5 Changed 5 years ago by datallah

Ticket #15751 has been marked as a duplicate of this ticket.

comment:6 in reply to: ↑ 4 Changed 5 years ago by superichy

Sorry Sr., I was just trying to collaborate... It's a very strange bug, all the other messengers can download Facebook list from the server,

You can try jitsi.org,

Best regards,

Richy

comment:7 Changed 5 years ago by datallah

The clients that are able to use the facebook roster (probably including old versions of pidgin) despite this bug are not correctly validating that the response is coming from the correct origin.

Last edited 5 years ago by datallah (previous) (diff)

comment:8 Changed 5 years ago by datallah

  • Milestone 2.10.8 deleted
  • Resolution set to invalid
  • Status changed from new to closed

This isn't a bug in pidgin, so I'm going to close this ticket.

Note: See TracTickets for help on using tickets.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!