diff options
| author | Remko Tronçon <git@el-tramo.be> | 2011-10-01 11:09:13 (GMT) | 
|---|---|---|
| committer | Remko Tronçon <git@el-tramo.be> | 2011-10-01 11:09:13 (GMT) | 
| commit | 6a4a15088e7c97b3f6c1de179eee1defa2720bdb (patch) | |
| tree | 56a994e5f7eddcc38cf24d6af24f8c28076c537a /Swiften | |
| parent | eedd35c220d6c8788c8ae4921135333a57feb3a0 (diff) | |
| download | swift-swift-1.x.zip swift-swift-1.x.tar.bz2 | |
Fixed roster sender check.swift-1.x
Resolves: #993
Diffstat (limited to 'Swiften')
| -rw-r--r-- | Swiften/Queries/IQRouter.h | 10 | ||||
| -rw-r--r-- | Swiften/Queries/Responder.h | 4 | ||||
| -rw-r--r-- | Swiften/Roster/RosterPushResponder.h | 9 | ||||
| -rw-r--r-- | Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp | 14 | 
4 files changed, 35 insertions, 2 deletions
| diff --git a/Swiften/Queries/IQRouter.h b/Swiften/Queries/IQRouter.h index a21b24d..961ff59 100644 --- a/Swiften/Queries/IQRouter.h +++ b/Swiften/Queries/IQRouter.h @@ -63,6 +63,16 @@ namespace Swift {  			bool isAvailable(); +			/** +			 * Checks whether the given jid is the account JID (i.e. it is either +			 * the bare JID, or it is the empty JID). +			 * Can be used to check whether a stanza is sent by the server on behalf +			 * of the user's account. +			 */ +			bool isAccountJID(const JID& jid) { +				return jid.isValid() ? jid_.toBare().equals(jid, JID::WithResource) : true; +			} +  		private:  			void handleIQ(boost::shared_ptr<IQ> iq);  			void processPendingRemoves(); diff --git a/Swiften/Queries/Responder.h b/Swiften/Queries/Responder.h index 2ce8f10..28628e6 100644 --- a/Swiften/Queries/Responder.h +++ b/Swiften/Queries/Responder.h @@ -94,6 +94,10 @@ namespace Swift {  				router_->sendIQ(IQ::createError(to, from, id, condition, type));  			} +			IQRouter* getIQRouter() const { +				return router_; +			} +  		private:  			virtual bool handleIQ(boost::shared_ptr<IQ> iq) {  				if (iq->getType() == IQ::Set || iq->getType() == IQ::Get) { diff --git a/Swiften/Roster/RosterPushResponder.h b/Swiften/Roster/RosterPushResponder.h index b38914b..4e0bc4e 100644 --- a/Swiften/Roster/RosterPushResponder.h +++ b/Swiften/Roster/RosterPushResponder.h @@ -21,8 +21,13 @@ namespace Swift {  		private:  			virtual bool handleSetRequest(const JID& from, const JID&, const std::string& id, boost::shared_ptr<RosterPayload> payload) { -				onRosterReceived(payload); -				sendResponse(from, id, boost::shared_ptr<RosterPayload>()); +				if (getIQRouter()->isAccountJID(from)) { +					onRosterReceived(payload); +					sendResponse(from, id, boost::shared_ptr<RosterPayload>()); +				} +				else { +					sendError(from, id, ErrorPayload::NotAuthorized, ErrorPayload::Cancel); +				}  				return true;  			}  	}; diff --git a/Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp b/Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp index 4ef1cc1..997840f 100644 --- a/Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp +++ b/Swiften/Roster/UnitTest/XMPPRosterControllerTest.cpp @@ -23,6 +23,7 @@ class XMPPRosterControllerTest : public CppUnit::TestFixture {  		CPPUNIT_TEST_SUITE(XMPPRosterControllerTest);  		CPPUNIT_TEST(testGet_EmptyResponse);  		CPPUNIT_TEST(testAdd); +		CPPUNIT_TEST(testAddFromNonAccount);  		CPPUNIT_TEST(testModify);  		CPPUNIT_TEST(testRemove);  		CPPUNIT_TEST(testMany); @@ -32,6 +33,7 @@ class XMPPRosterControllerTest : public CppUnit::TestFixture {  		void setUp() {  			channel_ = new DummyStanzaChannel();  			router_ = new IQRouter(channel_); +			router_->setJID("me@bla.com");  			xmppRoster_ = new XMPPRosterImpl();  			handler_ = new XMPPRosterSignalHandler(xmppRoster_);  			jid1_ = JID("foo@bar.com"); @@ -68,6 +70,18 @@ class XMPPRosterControllerTest : public CppUnit::TestFixture {  			CPPUNIT_ASSERT_EQUAL(std::string("Bob"), xmppRoster_->getNameForJID(jid1_));  		} +		void testAddFromNonAccount() { +			XMPPRosterController controller(router_, xmppRoster_); + +			boost::shared_ptr<RosterPayload> payload(new RosterPayload()); +			payload->addItem(RosterItemPayload(jid1_, "Bob", RosterItemPayload::Both)); +			IQ::ref request = IQ::createRequest(IQ::Set, JID(), "eou", payload); +			request->setFrom(jid2_); +			channel_->onIQReceived(request); + +			CPPUNIT_ASSERT_EQUAL(None, handler_->getLastEvent()); +		} +  		void testModify() {  			XMPPRosterController controller(router_, xmppRoster_);  			boost::shared_ptr<RosterPayload> payload1(new RosterPayload()); | 
 Swift
 Swift