
github.com/nextcloud/spreed.git - Unnamed repository; edit this file 'description' to name the repository.
authorJoas Schilling <coding@schilljs.com>2018-02-14 16:19:29 +0300
committerGitHub <noreply@github.com>2018-02-14 16:19:29 +0300
commit583fa2c5d3bfb1c6984a68a1d776c6642448c15f (patch)
treea483a2a34a0048ed0a3da70af7ccfe9ff05ed7ac
parenta1fe6c27f54645251a5c8f425af553b7b9039bd9 (diff)
parent4bfe0380bce5424287755bc5c4ce5dc1de06eea3 (diff)
Merge pull request #660 from nextcloud/backport/657/no-one2one-calling-yourselfv3.1.0
[stable13] Do not allow one2one calling yourself
-rw-r--r--lib/Controller/RoomController.php4
-rw-r--r--tests/integration/features/bootstrap/FeatureContext.php13
-rw-r--r--tests/integration/features/one-to-one.feature5
3 files changed, 22 insertions, 0 deletions
diff --git a/lib/Controller/RoomController.php b/lib/Controller/RoomController.php
index dfa99908b..21a97bea9 100644
--- a/lib/Controller/RoomController.php
+++ b/lib/Controller/RoomController.php
@@ -339,6 +339,10 @@ class RoomController extends OCSController {
return new DataResponse([], Http::STATUS_NOT_FOUND);
}
+ if ($this->userId === $targetUserName) {
+ return new DataResponse([], Http::STATUS_FORBIDDEN);
+ }
+
// If room exists: Reuse that one, otherwise create a new one.
try {
$room = $this->manager->getOne2OneRoom($this->userId, $targetUser->getUID());
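Review bot: The self-call guard compares `$this->userId` with the raw request value `$targetUserName`, while the room lookup just below it uses the resolved `$targetUser->getUID()`. If the lookup that produced `$targetUser` (outside this hunk) matches names case-insensitively or otherwise normalizes them, a differently spelled form of the caller's own id would pass the guard and still resolve to the caller's account. Comparing against the resolved id avoids depending on that: `if ($this->userId === $targetUser->getUID()) {`. The enclosing method starts and ends outside the hunk, so the lookup behaviour should be confirmed there.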
diff --git a/tests/integration/features/bootstrap/FeatureContext.php b/tests/integration/features/bootstrap/FeatureContext.php
index caac3cb9f..49ae2f0b6 100644
--- a/tests/integration/features/bootstrap/FeatureContext.php
+++ b/tests/integration/features/bootstrap/FeatureContext.php
@@ -164,6 +164,19 @@ class FeatureContext implements Context, SnippetAcceptingContext {
}
/**
+ * @Then /^user "([^"]*)" tries to create room with (\d+)$/
+ *
+ * @param string $user
+ * @param int $statusCode
+ * @param TableNode|null $formData
+ */
+ public function userTriesToCreateRoom($user, $statusCode, TableNode $formData = null) {
+ $this->setCurrentUser($user);
+ $this->sendRequest('POST', '/apps/spreed/api/v1/room', $formData);
+ $this->assertStatusCode($this->response, $statusCode);
+ }
+
+ /**
* @Then /^user "([^"]*)" joins room "([^"]*)" with (\d+)$/
*
* @param string $user
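Review bot: The docblock for `userTriesToCreateRoom` has no summary line, so the difference from the existing room-creation step is not stated anywhere. I would add a first line such as `Sends a room-creation request as $user and asserts only the HTTP status code; no room identifier is recorded.` The `(\d+)` capture is probably passed in as a string, so `@param int $statusCode` may not match what the method receives; either cast it or document it as `string`. That depends on `assertStatusCode`, which is outside the hunk.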
diff --git a/tests/integration/features/one-to-one.feature b/tests/integration/features/one-to-one.feature
index a2a95d487..4426bac0a 100644
--- a/tests/integration/features/one-to-one.feature
+++ b/tests/integration/features/one-to-one.feature
@@ -9,6 +9,11 @@ Feature: one-to-one
Then user "participant2" is participant of the following rooms
Then user "participant3" is participant of the following rooms
+ Scenario: User1 invites themself to a one2one room
+ When user "participant1" tries to create room with 403
+ | roomType | 1 |
+ | invite | participant1 |
+
Scenario: User1 invites user2 to a one2one room and user3 is not part of it
When user "participant1" creates room "room1"
| roomType | 1 |
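Review bot: The new scenario asserts only the 403 status for the exact spelling `participant1`; it does not confirm that the rejected request left no room behind. A follow-up step after the table would pin that down: `Then user "participant1" is participant of the following rooms` with an empty table, which is what the context lines above appear to do for the other participants. If the user backend treats differently cased ids as the same account, a second scenario inviting such a spelling would cover the guard's comparison as well.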