summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemko Tronçon <git@el-tramo.be>2011-10-01 11:09:13 (GMT)
committerRemko Tronçon <git@el-tramo.be>2011-10-01 11:09:13 (GMT)
commit6a4a15088e7c97b3f6c1de179eee1defa2720bdb (patch)
tree56a994e5f7eddcc38cf24d6af24f8c28076c537a
parenteedd35c220d6c8788c8ae4921135333a57feb3a0 (diff)
downloadswift-swift-1.x.zip
swift-swift-1.x.tar.bz2
Fixed roster sender check.swift-1.x
Resolves: #993
-rw-r--r--Swiften/Queries/IQRouter.h10
-rw-r--r--Swiften/Queries/Responder.h4
-rw-r--r--Swiften/Roster/RosterPushResponder.h9
-rw-r--r--Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp14
4 files changed, 35 insertions, 2 deletions
diff --git a/Swiften/Queries/IQRouter.h b/Swiften/Queries/IQRouter.h
index a21b24d..961ff59 100644
--- a/Swiften/Queries/IQRouter.h
+++ b/Swiften/Queries/IQRouter.h
@@ -63,6 +63,16 @@ namespace Swift {
bool isAvailable();
+ /**
+ * Checks whether the given jid is the account JID (i.e. it is either
+ * the bare JID, or it is the empty JID).
+ * Can be used to check whether a stanza is sent by the server on behalf
+ * of the user's account.
+ */
+ bool isAccountJID(const JID& jid) {
+ return jid.isValid() ? jid_.toBare().equals(jid, JID::WithResource) : true;
+ }
+
private:
void handleIQ(boost::shared_ptr<IQ> iq);
void processPendingRemoves();
diff --git a/Swiften/Queries/Responder.h b/Swiften/Queries/Responder.h
index 2ce8f10..28628e6 100644
--- a/Swiften/Queries/Responder.h
+++ b/Swiften/Queries/Responder.h
@@ -94,6 +94,10 @@ namespace Swift {
router_->sendIQ(IQ::createError(to, from, id, condition, type));
}
+ IQRouter* getIQRouter() const {
+ return router_;
+ }
+
private:
virtual bool handleIQ(boost::shared_ptr<IQ> iq) {
if (iq->getType() == IQ::Set || iq->getType() == IQ::Get) {
diff --git a/Swiften/Roster/RosterPushResponder.h b/Swiften/Roster/RosterPushResponder.h
index b38914b..4e0bc4e 100644
--- a/Swiften/Roster/RosterPushResponder.h
+++ b/Swiften/Roster/RosterPushResponder.h
@@ -21,8 +21,13 @@ namespace Swift {
private:
virtual bool handleSetRequest(const JID& from, const JID&, const std::string& id, boost::shared_ptr<RosterPayload> payload) {
- onRosterReceived(payload);
- sendResponse(from, id, boost::shared_ptr<RosterPayload>());
+ if (getIQRouter()->isAccountJID(from)) {
+ onRosterReceived(payload);
+ sendResponse(from, id, boost::shared_ptr<RosterPayload>());
+ }
+ else {
+ sendError(from, id, ErrorPayload::NotAuthorized, ErrorPayload::Cancel);
+ }
return true;
}
};
diff --git a/Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp b/Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp
index 4ef1cc1..997840f 100644
--- a/Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp
+++ b/Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp
@@ -23,6 +23,7 @@ class XMPPRosterControllerTest : public CppUnit::TestFixture {
CPPUNIT_TEST_SUITE(XMPPRosterControllerTest);
CPPUNIT_TEST(testGet_EmptyResponse);
CPPUNIT_TEST(testAdd);
+ CPPUNIT_TEST(testAddFromNonAccount);
CPPUNIT_TEST(testModify);
CPPUNIT_TEST(testRemove);
CPPUNIT_TEST(testMany);
@@ -32,6 +33,7 @@ class XMPPRosterControllerTest : public CppUnit::TestFixture {
void setUp() {
channel_ = new DummyStanzaChannel();
router_ = new IQRouter(channel_);
+ router_->setJID("me@bla.com");
xmppRoster_ = new XMPPRosterImpl();
handler_ = new XMPPRosterSignalHandler(xmppRoster_);
jid1_ = JID("foo@bar.com");
@@ -68,6 +70,18 @@ class XMPPRosterControllerTest : public CppUnit::TestFixture {
CPPUNIT_ASSERT_EQUAL(std::string("Bob"), xmppRoster_->getNameForJID(jid1_));
}
+ void testAddFromNonAccount() {
+ XMPPRosterController controller(router_, xmppRoster_);
+
+ boost::shared_ptr<RosterPayload> payload(new RosterPayload());
+ payload->addItem(RosterItemPayload(jid1_, "Bob", RosterItemPayload::Both));
+ IQ::ref request = IQ::createRequest(IQ::Set, JID(), "eou", payload);
+ request->setFrom(jid2_);
+ channel_->onIQReceived(request);
+
+ CPPUNIT_ASSERT_EQUAL(None, handler_->getLastEvent());
+ }
+
void testModify() {
XMPPRosterController controller(router_, xmppRoster_);
boost::shared_ptr<RosterPayload> payload1(new RosterPayload());