Stream incorrectly closed after IBR remove

[lovetox]

Environment

• ejabberd version: 19.05

Bug description

If a user removes his account via IBR <remove>, ejabberd doesn't end the stream with the appropriate stream error <not-authorized>.

Further if i send stanzas to the server, after i sent <remove> the server ends the stream with <conflict> (text: User Removed)

which seems like ejabberd removes the user from the database before it ends the stream, which seems problematic.

[badlop]

Right.

You can try this small patch:

diff --git a/src/mod_register.erl b/src/mod_register.erl
index 5f3d7de56..48c2df54a 100644
--- a/src/mod_register.erl
+++ b/src/mod_register.erl
@@ -163,9 +163,12 @@ process_iq(#iq{type = set, lang = Lang, to = To, from = From,
 	    end;
        true ->
 	    case From of
-		#jid{luser = LUser, lserver = Server} ->
+		#jid{luser = LUser, lserver = Server, lresource = LResource} ->
 		    ResIQ = xmpp:make_iq_result(IQ),
 		    ejabberd_router:route(xmpp:set_from_to(ResIQ, From, From)),
+		    Err = xmpp:serr_not_authorized(),
+		    Pid = ejabberd_sm:get_session_pid(LUser, Server, LResource),
+		    ejabberd_c2s:send(Pid, Err),
 		    ejabberd_auth:remove_user(LUser, Server),
 		    ignore;
 		_ ->

The user sends:

<iq xmlns="jabber:client" type="set" id="895a27a7-1fbd-4ddf-921c-ae1f67fc1d2e">
  <query xmlns="jabber:iq:register">
    <remove />
  </query>
</iq>

And receives:

<iq xmlns="jabber:client"
    xml:lang="en"
    to="admin@localhost/gajim.LPHQ7UR4"
    from="admin@localhost/gajim.LPHQ7UR4"
    type="result"
    id="895a27a7-1fbd-4ddf-921c-ae1f67fc1d2e" />

<error xmlns="http://etherx.jabber.org/streams">
  <not-authorized xmlns="urn:ietf:params:xml:ns:xmpp-streams" />
</error>

[Neustradamus]

@lovetox: Have you seen the @badlop comment/patch?