-rw-r--r--appinfo/application.php40
-rw-r--r--lib/ContactsStoreUserProvider.php5
-rw-r--r--lib/User.php4
-rw-r--r--lib/db/iqrosterpush.php2
-rw-r--r--lib/db/presencemapper.php3
-rw-r--r--lib/db/stanza.php4
-rw-r--r--lib/stanzahandlers/message.php4
-rw-r--r--tests/integration/db/MessageMapperTest.php2
8 files changed, 49 insertions, 15 deletions
diff --git a/appinfo/application.php b/appinfo/application.php
index 61ccb9a..d808549 100644
--- a/appinfo/application.php
+++ b/appinfo/application.php
@@ -22,7 +22,6 @@ use OCA\OJSXC\StanzaHandlers\Presence;
use OCA\OJSXC\StanzaLogger;
use OCA\OJSXC\RawRequest;
use OCA\OJSXC\DataRetriever;
-use OCA\OJSXC\UserProvider;
use OCA\OJSXC\ILock;
use OCA\OJSXC\DbLock;
use OCA\OJSXC\MemLock;
@@ -32,6 +31,7 @@ use OCA\OJSXC\ContactsStoreUserProvider;
use OCP\AppFramework\App;
use OCP\IContainer;
use OCP\IRequest;
+use OCP\IUserBackend;
class Application extends App {
@@ -276,7 +276,7 @@ class Application extends App {
* This is automatically made lowercase.
*/
$container->registerService('OJSXC_UserId', function(IContainer $c) {
- return self::santizeUserId($c->query('UserId'));
+ return self::sanitizeUserId(self::convertToRealUID($c->query('UserId')));
});
/**
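Review bot: The context comment above this registration still says the id "is automatically made lowercase", but this commit removes the `strtolower()` call from `sanitizeUserId()` later in the same file, so the comment no longer describes what `OJSXC_UserId` holds. I would replace that sentence with something like `* The UID is resolved to the backend's canonical name and escaped; case is preserved.` It is also worth confirming how rows already stored under lowercased ids (for example in `ojsxc_presence`) are matched after this change, since no migration is visible in this diff. The doc block starts above the hunk.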
@@ -337,14 +337,40 @@ class Application extends App {
}
- static public function santizeUserId($userId) {
+ public static function sanitizeUserId($providedUid) {
return str_replace([" ", "'", "@"], ["_ojsxc_esc_space_", "_ojsxc_squote_space_", "_ojsxc_esc_at_"],
- strtolower(
- $userId
- )
+ $providedUid
);
}
+ public static function deSanitize($providedUid) {
+ return str_replace(["_ojsxc_esc_space_", "_ojsxc_squote_space_", "_ojsxc_esc_at_"], [" ", "'", "@"],
+ $providedUid
+ );
+ }
+
+
+ public static function convertToRealUID($providedUid) {
+ $user = \OC::$server->getUserManager()->get($providedUid);
+ if (is_null($user)) {
+ return $providedUid;
+ }
+
+ $backends = \OC::$server->getUserManager()->getBackends();
+ foreach ($backends as $backend) {
+ if ($backend->getBackendName() === $user->getBackendClassName()) {
+ if (method_exists($backend, 'loginName2UserName')) {
+ $uid = $backend->loginName2UserName($providedUid);
+ if ($uid !== false) {
+ return $uid;
+ }
+ }
+ }
+ }
+
+ return $providedUid;
+ }
+
/**
* @return bool whether the ContactsStore API is enabled
*/
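Review bot: `convertToRealUID()` calls `$backend->getBackendName()` on every entry returned by `getBackends()`, but that method is declared on `OCP\IUserBackend` and not on the base user-backend interface, so a backend that does not implement it would raise a fatal error on the path that resolves the current user's id. Adding `if (!($backend instanceof IUserBackend)) { continue; }` as the first statement of the loop avoids that and puts the `OCP\IUserBackend` import added earlier in this file to use. The three new public static methods also have no docblocks; one line each stating that `deSanitize()` is meant to reverse `sanitizeUserId()` and that `convertToRealUID()` returns its input unchanged when no backend maps it would help callers.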
@@ -353,4 +379,6 @@ class Application extends App {
return $version[0] >= 13;
}
+
+
}
diff --git a/lib/ContactsStoreUserProvider.php b/lib/ContactsStoreUserProvider.php
index cf48d03..0da3de8 100644
--- a/lib/ContactsStoreUserProvider.php
+++ b/lib/ContactsStoreUserProvider.php
@@ -55,12 +55,13 @@ class ContactsStoreUserProvider implements IUserProvider
if (is_null(self::$cache)) {
$result = [];
$contacts = $this->contactsStore->getContacts($this->userSession->getUser(), '');
- // TODO check if contact is disabled
foreach ($contacts as $contact) {
$uid = $contact->getProperty('UID');
+ $user = $this->userManager->get($uid);
if ($contact->getProperty('isLocalSystemBook')
&& !$this->isUserExcluded($uid)
- && $this->userManager->get($uid)->isEnabled()) {
+ && !is_null($user)
+ && $user->isEnabled()) {
$result[] = new User($uid, $contact->getFullName(), $contact);
}
}
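Review bot: The user lookup now runs for every contact before `isLocalSystemBook` and `isUserExcluded()` are evaluated, so contacts from other address books also trigger `userManager->get()` with UIDs that are presumably not account ids. Keeping the lookup inside the condition preserves the short-circuit: `&& ($user = $this->userManager->get($uid)) !== null` followed by `&& $user->isEnabled()`. The null check itself is the right fix for the dereference on the removed line. The enclosing method starts and ends outside the hunk.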
diff --git a/lib/User.php b/lib/User.php
index 1b81bad..df7c10c 100644
--- a/lib/User.php
+++ b/lib/User.php
@@ -31,7 +31,7 @@ class User
*/
public function __construct($uid, $fullName, $origin)
{
- $this->uid = Application::santizeUserId($uid);
+ $this->uid = Application::sanitizeUserId($uid);
$this->fullName = $fullName;
$this->origin = $origin;
}
@@ -49,7 +49,7 @@ class User
*/
public function setUid($uid)
{
- $this->uid = Application::santizeUserId($uid);
+ $this->uid = Application::sanitizeUserId($uid);
}
/**
diff --git a/lib/db/iqrosterpush.php b/lib/db/iqrosterpush.php
index aebf9dc..7a9547a 100644
--- a/lib/db/iqrosterpush.php
+++ b/lib/db/iqrosterpush.php
@@ -48,7 +48,7 @@ class IQRosterPush extends Stanza implements XmlSerializable
*/
public function setJid($userId, $host_and_or_resource = null)
{
- $this->jid = Application::santizeUserId($userId);
+ $this->jid = Application::sanitizeUserId($userId);
if (!is_null($host_and_or_resource)) {
$this->jid .= '@' . $host_and_or_resource;
}
diff --git a/lib/db/presencemapper.php b/lib/db/presencemapper.php
index a55bc1f..81b1019 100644
--- a/lib/db/presencemapper.php
+++ b/lib/db/presencemapper.php
@@ -2,6 +2,7 @@
namespace OCA\OJSXC\Db;
+use OCA\OJSXC\AppInfo\Application;
use OCA\OJSXC\Db\Presence as PresenceEntity;
use OCA\OJSXC\IUserProvider;
use OCA\OJSXC\NewContentContainer;
@@ -145,7 +146,7 @@ class PresenceMapper extends Mapper
$stmt = $this->execute("SELECT `userid` FROM `*PREFIX*ojsxc_presence` WHERE `presence` != 'unavailable' AND `userid` != ?", [$this->userId]);
$results = [];
while ($row = $stmt->fetch()) {
- if (!$this->userProvider->hasUserByUID($row['userid'])) {
+ if (!$this->userProvider->hasUserByUID(Application::deSanitize($row['userid']))) {
continue;
}
$results[] = $row['userid'];
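Review bot: `deSanitize()` is used here as if it were the exact inverse of `sanitizeUserId()`, but the escape tokens themselves are never escaped, so a UID that literally contains `_ojsxc_esc_at_` (or one of the other tokens) is rewritten to a different UID before `hasUserByUID()` is asked about it. If account names of that shape can exist on the instance, the permission check would be evaluated for a different account than the one the row refers to. The same applies to the `lib/stanzahandlers/message.php` hunk, where the value being de-sanitized is the client-supplied `to` attribute. I would either have `sanitizeUserId()` escape the marker prefix as well so that the mapping is one-to-one, or reject UIDs that already contain a token, and add a round-trip test for such a UID. The enclosing method starts and ends outside the hunk.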
diff --git a/lib/db/stanza.php b/lib/db/stanza.php
index 4998579..6ef2f8e 100644
--- a/lib/db/stanza.php
+++ b/lib/db/stanza.php
@@ -59,7 +59,7 @@ class Stanza extends Entity implements XmlSerializable
$userId = $userId[0];
}
- $this->to = Application::santizeUserId($userId);
+ $this->to = Application::sanitizeUserId($userId);
if (!is_null($host_and_or_resource)) {
$this->to .= '@' . $host_and_or_resource;
}
@@ -79,7 +79,7 @@ class Stanza extends Entity implements XmlSerializable
$host_and_or_resource = $userId[1];
$userId = $userId[0];
}
- $this->from = Application::santizeUserId($userId);
+ $this->from = Application::sanitizeUserId($userId);
if (!is_null($host_and_or_resource)) {
$this->from .= '@' . $host_and_or_resource;
}
diff --git a/lib/stanzahandlers/message.php b/lib/stanzahandlers/message.php
index 6ce6bb0..dac030f 100644
--- a/lib/stanzahandlers/message.php
+++ b/lib/stanzahandlers/message.php
@@ -2,6 +2,7 @@
namespace OCA\OJSXC\StanzaHandlers;
+use OCA\OJSXC\AppInfo\Application;
use OCA\OJSXC\Db\MessageMapper;
use OCA\OJSXC\IUserProvider;
use OCP\ILogger;
@@ -68,8 +69,11 @@ class Message extends StanzaHandler
{
$to = $this->getAttribute($stanza, 'to');
$pos = strrpos($to, '@');
+
$this->to = substr($to, 0, $pos);
+ $this->to = Application::convertToRealUID(Application::deSanitize($this->to));
+
if (!$this->userProvider->hasUserByUID($this->to)) {
$this->logger->warning('User ' . $this->userId . ' is trying to send a message to ' . $this->to . ' but this isn\'t allowed');
return;
diff --git a/tests/integration/db/MessageMapperTest.php b/tests/integration/db/MessageMapperTest.php
index 7094b94..cae3602 100644
--- a/tests/integration/db/MessageMapperTest.php
+++ b/tests/integration/db/MessageMapperTest.php
@@ -159,7 +159,7 @@ class MessageMapperTest extends MapperTestUtility
$this->assertCount(2, $result);
// check findByTo
- $result = $this->mapper->findByTo(Application::santizeUserId('john@localhost.com'));
+ $result = $this->mapper->findByTo(Application::sanitizeUserId('john@localhost.com'));
$this->assertCount(1, $result);
$this->assertEquals('<message to="john_ojsxc_esc_at_localhost.com@localhost/internal" from="jan_ojsxc_esc_at_localhost.com@localhost/internal" type="test" xmlns="jabber:client" id="4-msg">Messageabc</message>', $result[0]->getStanza());