summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemko Tronçon <git@el-tramo.be>2011-10-01 11:09:13 (GMT)
committerRemko Tronçon <git@el-tramo.be>2011-10-01 11:09:13 (GMT)
commit6a4a15088e7c97b3f6c1de179eee1defa2720bdb (patch)
tree56a994e5f7eddcc38cf24d6af24f8c28076c537a /Swiften/Roster
parenteedd35c220d6c8788c8ae4921135333a57feb3a0 (diff)
downloadswift-6a4a15088e7c97b3f6c1de179eee1defa2720bdb.zip
swift-6a4a15088e7c97b3f6c1de179eee1defa2720bdb.tar.bz2
Fixed roster sender check.swift-1.x
Resolves: #993
Diffstat (limited to 'Swiften/Roster')
-rw-r--r--Swiften/Roster/RosterPushResponder.h9
-rw-r--r--Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp14
2 files changed, 21 insertions, 2 deletions
diff --git a/Swiften/Roster/RosterPushResponder.h b/Swiften/Roster/RosterPushResponder.h
index b38914b..4e0bc4e 100644
--- a/Swiften/Roster/RosterPushResponder.h
+++ b/Swiften/Roster/RosterPushResponder.h
@@ -21,8 +21,13 @@ namespace Swift {
private:
virtual bool handleSetRequest(const JID& from, const JID&, const std::string& id, boost::shared_ptr<RosterPayload> payload) {
- onRosterReceived(payload);
- sendResponse(from, id, boost::shared_ptr<RosterPayload>());
+ if (getIQRouter()->isAccountJID(from)) {
+ onRosterReceived(payload);
+ sendResponse(from, id, boost::shared_ptr<RosterPayload>());
+ }
+ else {
+ sendError(from, id, ErrorPayload::NotAuthorized, ErrorPayload::Cancel);
+ }
return true;
}
};
diff --git a/Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp b/Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp
index 4ef1cc1..997840f 100644
--- a/Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp
+++ b/Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp
@@ -23,6 +23,7 @@ class XMPPRosterControllerTest : public CppUnit::TestFixture {
CPPUNIT_TEST_SUITE(XMPPRosterControllerTest);
CPPUNIT_TEST(testGet_EmptyResponse);
CPPUNIT_TEST(testAdd);
+ CPPUNIT_TEST(testAddFromNonAccount);
CPPUNIT_TEST(testModify);
CPPUNIT_TEST(testRemove);
CPPUNIT_TEST(testMany);
@@ -32,6 +33,7 @@ class XMPPRosterControllerTest : public CppUnit::TestFixture {
void setUp() {
channel_ = new DummyStanzaChannel();
router_ = new IQRouter(channel_);
+ router_->setJID("me@bla.com");
xmppRoster_ = new XMPPRosterImpl();
handler_ = new XMPPRosterSignalHandler(xmppRoster_);
jid1_ = JID("foo@bar.com");
@@ -68,6 +70,18 @@ class XMPPRosterControllerTest : public CppUnit::TestFixture {
CPPUNIT_ASSERT_EQUAL(std::string("Bob"), xmppRoster_->getNameForJID(jid1_));
}
+ void testAddFromNonAccount() {
+ XMPPRosterController controller(router_, xmppRoster_);
+
+ boost::shared_ptr<RosterPayload> payload(new RosterPayload());
+ payload->addItem(RosterItemPayload(jid1_, "Bob", RosterItemPayload::Both));
+ IQ::ref request = IQ::createRequest(IQ::Set, JID(), "eou", payload);
+ request->setFrom(jid2_);
+ channel_->onIQReceived(request);
+
+ CPPUNIT_ASSERT_EQUAL(None, handler_->getLastEvent());
+ }
+
void testModify() {
XMPPRosterController controller(router_, xmppRoster_);
boost::shared_ptr<RosterPayload> payload1(new RosterPayload());