Commit
Do not allow one2one calling yourself
Signed-off-by: Joas Schilling <coding@schilljs.com>
nickvergessen committed Feb 14, 2018
1 parent a1fe6c2 commit 5672388
Showing 3 changed files with 22 additions and 0 deletions.
4 changes: 4 additions & 0 deletions lib/Controller/RoomController.php
Expand Up @@ -339,6 +339,10 @@ protected function createOneToOneRoom($targetUserName) {
return new DataResponse([], Http::STATUS_NOT_FOUND);
}

if ($this->userId === $targetUserName) {
return new DataResponse([], Http::STATUS_FORBIDDEN);
}

// If room exists: Reuse that one, otherwise create a new one.
try {
$room = $this->manager->getOne2OneRoom($this->userId, $targetUser->getUID());
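
Review bot: the self-call check in createOneToOneRoom compares `$this->userId` against the raw request value `$targetUserName`, while the room lookup right below it uses `$targetUser->getUID()`. If the user lookup accepts a name that differs from the canonical UID (different case, for instance), the strict `===` will not match and the request proceeds to getOne2OneRoom with the same user on both sides. Compare against the resolved object instead: `if ($this->userId === $targetUser->getUID())`.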
13 changes: 13 additions & 0 deletions tests/integration/features/bootstrap/FeatureContext.php
Expand Up @@ -163,6 +163,19 @@ public function userCreatesRoom($user, $identifier, TableNode $formData = null)
self::$tokenToIdentifier[$response['token']] = $identifier;
}

/**
* @Then /^user "([^"]*)" tries to create room with (\d+)$/
*
* @param string $user
* @param int $statusCode
* @param TableNode|null $formData
*/
public function userTriesToCreateRoom($user, $statusCode, TableNode $formData = null) {
$this->setCurrentUser($user);
$this->sendRequest('POST', '/apps/spreed/api/v1/room', $formData);
$this->assertStatusCode($this->response, $statusCode);
}

/**
* @Then /^user "([^"]*)" joins room "([^"]*)" with (\d+)$/
*
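
Review bot: in userTriesToCreateRoom the docblock declares `@param int $statusCode`, but the value comes from the `(\d+)` regex capture and so arrives as a string. Cast it before use, e.g. `$this->assertStatusCode($this->response, (int) $statusCode);`, so the assertion does not depend on loose comparison inside assertStatusCode.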
5 changes: 5 additions & 0 deletions tests/integration/features/one-to-one.feature
Expand Up @@ -9,6 +9,11 @@ Feature: one-to-one
Then user "participant2" is participant of the following rooms
Then user "participant3" is participant of the following rooms

Scenario: User1 invites user1 ... that should not work ...
When user "participant1" tries to create room with 403
| roomType | 1 |
| invite | participant1 |

Scenario: User1 invites user2 to a one2one room and user3 is not part of it
When user "participant1" creates room "room1"
| roomType | 1 |
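
Review bot: the new scenario "User1 invites user1" only asserts the 403 status, so it would still pass if a room were created before the request is rejected. Follow the `tries to create room with 403` step with the existing `Then user "participant1" is participant of the following rooms` step and an empty table to confirm no room exists afterwards. The scenario title could also state the expected outcome directly instead of `... that should not work ...`.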

0 comments on commit 5672388