diff options
author | Remko Tronçon <git@el-tramo.be> | 2011-10-01 11:09:13 (GMT) |
---|---|---|
committer | Remko Tronçon <git@el-tramo.be> | 2011-10-01 11:09:13 (GMT) |
commit | 6a4a15088e7c97b3f6c1de179eee1defa2720bdb (patch) | |
tree | 56a994e5f7eddcc38cf24d6af24f8c28076c537a | |
parent | eedd35c220d6c8788c8ae4921135333a57feb3a0 (diff) | |
download | swift-swift-1.x.zip swift-swift-1.x.tar.bz2 |
Fixed roster sender check.swift-1.x
Resolves: #993
-rw-r--r-- | Swiften/Queries/IQRouter.h | 10 | ||||
-rw-r--r-- | Swiften/Queries/Responder.h | 4 | ||||
-rw-r--r-- | Swiften/Roster/RosterPushResponder.h | 9 | ||||
-rw-r--r-- | Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp | 14 |
4 files changed, 35 insertions, 2 deletions
diff --git a/Swiften/Queries/IQRouter.h b/Swiften/Queries/IQRouter.h index a21b24d..961ff59 100644 --- a/Swiften/Queries/IQRouter.h +++ b/Swiften/Queries/IQRouter.h @@ -63,6 +63,16 @@ namespace Swift { bool isAvailable(); + /** + * Checks whether the given jid is the account JID (i.e. it is either + * the bare JID, or it is the empty JID). + * Can be used to check whether a stanza is sent by the server on behalf + * of the user's account. + */ + bool isAccountJID(const JID& jid) { + return jid.isValid() ? jid_.toBare().equals(jid, JID::WithResource) : true; + } + private: void handleIQ(boost::shared_ptr<IQ> iq); void processPendingRemoves(); diff --git a/Swiften/Queries/Responder.h b/Swiften/Queries/Responder.h index 2ce8f10..28628e6 100644 --- a/Swiften/Queries/Responder.h +++ b/Swiften/Queries/Responder.h @@ -94,6 +94,10 @@ namespace Swift { router_->sendIQ(IQ::createError(to, from, id, condition, type)); } + IQRouter* getIQRouter() const { + return router_; + } + private: virtual bool handleIQ(boost::shared_ptr<IQ> iq) { if (iq->getType() == IQ::Set || iq->getType() == IQ::Get) { diff --git a/Swiften/Roster/RosterPushResponder.h b/Swiften/Roster/RosterPushResponder.h index b38914b..4e0bc4e 100644 --- a/Swiften/Roster/RosterPushResponder.h +++ b/Swiften/Roster/RosterPushResponder.h @@ -21,8 +21,13 @@ namespace Swift { private: virtual bool handleSetRequest(const JID& from, const JID&, const std::string& id, boost::shared_ptr<RosterPayload> payload) { - onRosterReceived(payload); - sendResponse(from, id, boost::shared_ptr<RosterPayload>()); + if (getIQRouter()->isAccountJID(from)) { + onRosterReceived(payload); + sendResponse(from, id, boost::shared_ptr<RosterPayload>()); + } + else { + sendError(from, id, ErrorPayload::NotAuthorized, ErrorPayload::Cancel); + } return true; } }; diff --git a/Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp b/Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp index 4ef1cc1..997840f 100644 --- a/Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp +++ b/Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp @@ -23,6 +23,7 @@ class XMPPRosterControllerTest : public CppUnit::TestFixture { CPPUNIT_TEST_SUITE(XMPPRosterControllerTest); CPPUNIT_TEST(testGet_EmptyResponse); CPPUNIT_TEST(testAdd); + CPPUNIT_TEST(testAddFromNonAccount); CPPUNIT_TEST(testModify); CPPUNIT_TEST(testRemove); CPPUNIT_TEST(testMany); @@ -32,6 +33,7 @@ class XMPPRosterControllerTest : public CppUnit::TestFixture { void setUp() { channel_ = new DummyStanzaChannel(); router_ = new IQRouter(channel_); + router_->setJID("me@bla.com"); xmppRoster_ = new XMPPRosterImpl(); handler_ = new XMPPRosterSignalHandler(xmppRoster_); jid1_ = JID("foo@bar.com"); @@ -68,6 +70,18 @@ class XMPPRosterControllerTest : public CppUnit::TestFixture { CPPUNIT_ASSERT_EQUAL(std::string("Bob"), xmppRoster_->getNameForJID(jid1_)); } + void testAddFromNonAccount() { + XMPPRosterController controller(router_, xmppRoster_); + + boost::shared_ptr<RosterPayload> payload(new RosterPayload()); + payload->addItem(RosterItemPayload(jid1_, "Bob", RosterItemPayload::Both)); + IQ::ref request = IQ::createRequest(IQ::Set, JID(), "eou", payload); + request->setFrom(jid2_); + channel_->onIQReceived(request); + + CPPUNIT_ASSERT_EQUAL(None, handler_->getLastEvent()); + } + void testModify() { XMPPRosterController controller(router_, xmppRoster_); boost::shared_ptr<RosterPayload> payload1(new RosterPayload()); |