1 files changed, 11 insertions, 7 deletions
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index fb80754..960af70 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -85,104 +85,108 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) {
 				authenticator = new SCRAMSHA1ClientAuthenticator("ClientNonce");
 				state = WaitingForCredentials;
 				onNeedCredentials();
 			}
 			else if (streamFeatures->hasAuthenticationMechanism("PLAIN")) {
 				authenticator = new PLAINClientAuthenticator();
 				state = WaitingForCredentials;
 				onNeedCredentials();
 			}
 			else {
 				finishSession(Error::NoSupportedAuthMechanismsError);
 			}
 		}
 		else {
 			// Start the session
 			stream->setWhitespacePingEnabled(true);
 
 			if (streamFeatures->hasSession()) {
 				needSessionStart = true;
 			}
 
 			if (streamFeatures->hasResourceBind()) {
 				state = BindingResource;
 				boost::shared_ptr<ResourceBind> resourceBind(new ResourceBind());
 				if (!localJID.getResource().isEmpty()) {
 					resourceBind->setResource(localJID.getResource());
 				}
 				stream->writeElement(IQ::createRequest(IQ::Set, JID(), "session-bind", resourceBind));
 			}
 			else if (needSessionStart) {
 				sendSessionStart();
 			}
 			else {
 				state = Initialized;
 				onInitialized();
 			}
 		}
 	}
 	else if (AuthChallenge* challenge = dynamic_cast<AuthChallenge*>(element.get())) {
 		checkState(Authenticating);
 		assert(authenticator);
 		if (authenticator->setChallenge(challenge->getValue())) {
 			stream->writeElement(boost::shared_ptr<AuthResponse>(new AuthResponse(authenticator->getResponse())));
 		}
 		else {
 			finishSession(Error::AuthenticationFailedError);
 		}
 	}
-	else if (dynamic_cast<AuthSuccess*>(element.get())) {
-		// TODO: Check success data with authenticator
+	else if (AuthSuccess* authSuccess = dynamic_cast<AuthSuccess*>(element.get())) {
 		checkState(Authenticating);
-		state = WaitingForStreamStart;
-		delete authenticator;
-		authenticator = NULL;
-		stream->resetXMPPParser();
-		sendStreamHeader();
+		if (!authenticator->setChallenge(authSuccess->getValue())) {
+			finishSession(Error::ServerVerificationFailedError);
+		}
+		else {
+			state = WaitingForStreamStart;
+			delete authenticator;
+			authenticator = NULL;
+			stream->resetXMPPParser();
+			sendStreamHeader();
+		}
 	}
 	else if (dynamic_cast<AuthFailure*>(element.get())) {
 		delete authenticator;
 		authenticator = NULL;
 		finishSession(Error::AuthenticationFailedError);
 	}
 	else if (dynamic_cast<TLSProceed*>(element.get())) {
 		checkState(WaitingForEncrypt);
 		state = Encrypting;
 		stream->addTLSEncryption();
 	}
 	else if (dynamic_cast<StartTLSFailure*>(element.get())) {
 		finishSession(Error::TLSError);
 	}
 	else if (IQ* iq = dynamic_cast<IQ*>(element.get())) {
 		if (state == BindingResource) {
 			boost::shared_ptr<ResourceBind> resourceBind(iq->getPayload<ResourceBind>());
 			if (iq->getType() == IQ::Error && iq->getID() == "session-bind") {
 				finishSession(Error::ResourceBindError);
 			}
 			else if (!resourceBind) {
 				finishSession(Error::UnexpectedElementError);
 			}
 			else if (iq->getType() == IQ::Result) {
 				localJID = resourceBind->getJID();
 				if (!localJID.isValid()) {
 					finishSession(Error::ResourceBindError);
 				}
 				if (needSessionStart) {
 					sendSessionStart();
 				}
 				else {
 					state = Initialized;
 				}
 			}
 			else {
 				finishSession(Error::UnexpectedElementError);
 			}
 		}
 		else if (state == StartingSession) {
 			if (iq->getType() == IQ::Result) {
 				state = Initialized;
 				onInitialized();
 			}
 			else if (iq->getType() == IQ::Error) {
 				finishSession(Error::SessionStartError);
 			}
 			else {