From 72f6810797f7bc70b94dea62de2c8256ccb944d9 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Thu, 7 Sep 2023 14:38:04 +0200
Subject: [PATCH] Correctly handle "none" auth on old servers

There is no security result for the "none" authentication until RFB 3.8.
This got broken by mistake in 5671072.
---
 core/rfb.js       |  6 +++++-
 tests/test.rfb.js | 19 +++++++++++++++++--
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/core/rfb.js b/core/rfb.js
index fb9df0b9..477b30f5 100644
--- a/core/rfb.js
+++ b/core/rfb.js
@@ -1925,7 +1925,11 @@ export default class RFB extends EventTargetMixin {
     _negotiateAuthentication() {
         switch (this._rfbAuthScheme) {
             case securityTypeNone:
-                this._rfbInitState = 'SecurityResult';
+                if (this._rfbVersion >= 3.8) {
+                    this._rfbInitState = 'SecurityResult';
+                } else {
+                    this._rfbInitState = 'ClientInitialisation';
+                }
                 return true;
 
             case securityTypeXVP:
diff --git a/tests/test.rfb.js b/tests/test.rfb.js
index fd156340..d1313713 100644
--- a/tests/test.rfb.js
+++ b/tests/test.rfb.js
@@ -1257,7 +1257,15 @@ describe('Remote Frame Buffer Protocol Client', function () {
                 client._sock._websocket._receiveData(new Uint8Array([0, 0, 0, 1]));
                 expect(client._rfbInitState).to.equal('ServerInitialisation');
             });
-        });
+
+            it('should transition straight to ServerInitialisation on "no auth" for versions < 3.8', function () {
+                sendVer('003.007\n', client);
+                client._sock._websocket._getSentData();
+
+                sendSecurity(1, client);
+                expect(client._rfbInitState).to.equal('ServerInitialisation');
+            });
+       });
 
         describe('Authentication', function () {
             beforeEach(function () {
@@ -2231,10 +2239,17 @@ describe('Remote Frame Buffer Protocol Client', function () {
 
         describe('Legacy SecurityResult', function () {
             beforeEach(function () {
+                client.addEventListener("credentialsrequired", () => {
+                    client.sendCredentials({ password: 'passwd' });
+                });
                 sendVer('003.007\n', client);
                 client._sock._websocket._getSentData();
-                sendSecurity(1, client);
+                sendSecurity(2, client);
+                const challenge = [];
+                for (let i = 0; i < 16; i++) { challenge[i] = i; }
+                client._sock._websocket._receiveData(new Uint8Array(challenge));
                 client._sock._websocket._getSentData();
+                clock.tick();
             });
 
             it('should not include reason in securityfailure event', function () {