From 56723880c90242d1f881f6ab03ecbef466b5b39f Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Tue, 13 Feb 2018 18:20:57 +0100 Subject: [PATCH 1/2] Do not allow one2one calling yourself Signed-off-by: Joas Schilling --- lib/Controller/RoomController.php | 4 ++++ .../features/bootstrap/FeatureContext.php | 13 +++++++++++++ tests/integration/features/one-to-one.feature | 5 +++++ 3 files changed, 22 insertions(+) diff --git a/lib/Controller/RoomController.php b/lib/Controller/RoomController.php index dfa99908bf6..21a97bea975 100644 --- a/lib/Controller/RoomController.php +++ b/lib/Controller/RoomController.php @@ -339,6 +339,10 @@ protected function createOneToOneRoom($targetUserName) { return new DataResponse([], Http::STATUS_NOT_FOUND); } + if ($this->userId === $targetUserName) { + return new DataResponse([], Http::STATUS_FORBIDDEN); + } + // If room exists: Reuse that one, otherwise create a new one. try { $room = $this->manager->getOne2OneRoom($this->userId, $targetUser->getUID()); diff --git a/tests/integration/features/bootstrap/FeatureContext.php b/tests/integration/features/bootstrap/FeatureContext.php index caac3cb9ff9..49ae2f0b60a 100644 --- a/tests/integration/features/bootstrap/FeatureContext.php +++ b/tests/integration/features/bootstrap/FeatureContext.php @@ -163,6 +163,19 @@ public function userCreatesRoom($user, $identifier, TableNode $formData = null) self::$tokenToIdentifier[$response['token']] = $identifier; } + /** + * @Then /^user "([^"]*)" tries to create room with (\d+)$/ + * + * @param string $user + * @param int $statusCode + * @param TableNode|null $formData + */ + public function userTriesToCreateRoom($user, $statusCode, TableNode $formData = null) { + $this->setCurrentUser($user); + $this->sendRequest('POST', '/apps/spreed/api/v1/room', $formData); + $this->assertStatusCode($this->response, $statusCode); + } + /** * @Then /^user "([^"]*)" joins room "([^"]*)" with (\d+)$/ * 
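Review bot: The self-call guard added to createOneToOneRoom compares `$this->userId` with the caller-supplied `$targetUserName`, while the room lookup a few lines further down uses the resolved `$targetUser->getUID()`. If the lookup that produced `$targetUser` normalises its input (for example case-insensitive matching, which this hunk does not show), a variant spelling of the caller's own name would pass the check and still resolve to the same account. Comparing against the resolved identity avoids depending on that: `if ($this->userId === $targetUser->getUID()) {`. The new scenario in one-to-one.feature only exercises the exact spelling `participant1`, so a second case with a differently-cased invite would pin the behaviour. The function starts and ends outside the hunk, so the lookup itself cannot be confirmed from here.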
diff --git a/tests/integration/features/one-to-one.feature b/tests/integration/features/one-to-one.feature index a2a95d487f1..781e95ec3eb 100644 --- a/tests/integration/features/one-to-one.feature +++ b/tests/integration/features/one-to-one.feature @@ -9,6 +9,11 @@ Feature: one-to-one Then user "participant2" is participant of the following rooms Then user "participant3" is participant of the following rooms + Scenario: User1 invites user1 ... that should not work ... + When user "participant1" tries to create room with 403 + | roomType | 1 | + | invite | participant1 | + Scenario: User1 invites user2 to a one2one room and user3 is not part of it When user "participant1" creates room "room1" | roomType | 1 | From 4bfe0380bce5424287755bc5c4ce5dc1de06eea3 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Wed, 14 Feb 2018 13:41:16 +0100 Subject: [PATCH 2/2] Fix scenario description Signed-off-by: Joas Schilling --- tests/integration/features/one-to-one.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/features/one-to-one.feature b/tests/integration/features/one-to-one.feature index 781e95ec3eb..4426bac0a03 100644 --- a/tests/integration/features/one-to-one.feature +++ b/tests/integration/features/one-to-one.feature @@ -9,7 +9,7 @@ Feature: one-to-one Then user "participant2" is participant of the following rooms Then user "participant3" is participant of the following rooms - Scenario: User1 invites user1 ... that should not work ... + Scenario: User1 invites themself to a one2one room When user "participant1" tries to create room with 403 | roomType | 1 | | invite | participant1 |