Correctly handle "none" auth on old servers

There is no security result for the "none" authentication until RFB 3.8. This got broken by mistake in 5671072.
novnc · Sep 7, 2023 · 72f6810 · 72f6810
1 parent e81602d
commit 72f6810
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 3 deletions.
diff --git a/core/rfb.js b/core/rfb.js
@@ -1925,7 +1925,11 @@ export default class RFB extends EventTargetMixin {
     _negotiateAuthentication() {
         switch (this._rfbAuthScheme) {
             case securityTypeNone:
-                this._rfbInitState = 'SecurityResult';
+                if (this._rfbVersion >= 3.8) {
+                    this._rfbInitState = 'SecurityResult';
+                } else {
+                    this._rfbInitState = 'ClientInitialisation';
+                }
                 return true;
 
             case securityTypeXVP:

diff --git a/tests/test.rfb.js b/tests/test.rfb.js
@@ -1257,7 +1257,15 @@ describe('Remote Frame Buffer Protocol Client', function () {
                 client._sock._websocket._receiveData(new Uint8Array([0, 0, 0, 1]));
                 expect(client._rfbInitState).to.equal('ServerInitialisation');
             });
-        });
+
+            it('should transition straight to ServerInitialisation on "no auth" for versions < 3.8', function () {
+                sendVer('003.007\n', client);
+                client._sock._websocket._getSentData();
+
+                sendSecurity(1, client);
+                expect(client._rfbInitState).to.equal('ServerInitialisation');
+            });
+       });
 
         describe('Authentication', function () {
             beforeEach(function () {
@@ -2231,10 +2239,17 @@ describe('Remote Frame Buffer Protocol Client', function () {
 
         describe('Legacy SecurityResult', function () {
             beforeEach(function () {
+                client.addEventListener("credentialsrequired", () => {
+                    client.sendCredentials({ password: 'passwd' });
+                });
                 sendVer('003.007\n', client);
                 client._sock._websocket._getSentData();
-                sendSecurity(1, client);
+                sendSecurity(2, client);
+                const challenge = [];
+                for (let i = 0; i < 16; i++) { challenge[i] = i; }
+                client._sock._websocket._receiveData(new Uint8Array(challenge));
                 client._sock._websocket._getSentData();
+                clock.tick();
             });
 
             it('should not include reason in securityfailure event', function () {