New option 'authentication_mechanisms'

Fixes #7671

src/common/config.py

@@ -351,6 +351,7 @@ class Config:
                     'connection_types': [ opt_str, 'tls ssl plain', _('Ordered list (space separated) of connection type to try. Can contain tls, ssl or plain')],
                     'tls_version': [ opt_str, '1.0', '' ],
                     'cipher_list': [ opt_str, 'HIGH:!aNULL:RC4-SHA', '' ],
+                    'authentication_mechanisms': [ opt_str, '', _('List (space separated) of authentication mechanisms to try. Can contain ANONYMOUS, EXTERNAL, GSSAPI, SCRAM-SHA-1-PLUS, SCRAM-SHA-1, DIGEST-MD5, PLAIN, X-MESSENGER-OAUTH2 or XEP-0078') ],
                     'action_when_plaintext_connection': [ opt_str, 'warn', _('Show a warning dialog before sending password on an plaintext connection. Can be \'warn\', \'connect\', \'disconnect\'') ],
                     'warn_when_insecure_ssl_connection': [ opt_bool, True, _('Show a warning dialog before using standard SSL library.') ],
                     'warn_when_insecure_password': [ opt_bool, True, _('Show a warning dialog before sending PLAIN password over a plain connection.') ],

src/common/connection.py

@@ -1447,8 +1447,15 @@ def connection_accepted(self, con, con_type):
                 return True
 
         self._register_handlers(con, con_type)
+        auth_mechs = gajim.config.get_per('accounts', self.name, 'authentication_mechanisms')
+        auth_mechs = auth_mechs.split()
+        for mech in auth_mechs:
+            if mech not in nbxmpp.auth_nb.SASL_AUTHENTICATION_MECHANISMS | set(['XEP-0078']):
+                log.warning("Unknown authentication mechanisms %s" % mech)
+        if len(auth_mechs) == 0:
+            auth_mechs = None
         con.auth(user=name, password=self.password,
-            resource=self.server_resource, sasl=1, on_auth=self.__on_auth)
+            resource=self.server_resource, sasl=True, on_auth=self.__on_auth, auth_mechs=auth_mechs)
 
     def ssl_certificate_accepted(self):
         if not self.connection: