# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1630272379 -7200
# Node ID c4599a7c534ceb33a8326e808e0e14b52ce8cc7e
# Parent  6427e26429763dc6d5d5e25aad697793f20de232
mod_external_services: Validate required attributes on credentials requests

diff -r 6427e2642976 -r c4599a7c534c plugins/mod_external_services.lua
--- a/plugins/mod_external_services.lua	Tue Aug 31 13:03:44 2021 +0200
+++ b/plugins/mod_external_services.lua	Sun Aug 29 23:26:19 2021 +0200
@@ -175,7 +175,7 @@
 	local action = stanza.tags[1];
 
 	if origin.type ~= "c2s" then
-		origin.send(st.error_reply(stanza, "auth", "forbidden"));
+		origin.send(st.error_reply(stanza, "auth", "forbidden", "The 'port' and 'type' attributes are required."));
 		return true;
 	end
 
@@ -188,6 +188,11 @@
 
 	local requested_credentials = {};
 	for service in action:childtags("service") do
+		if not service.attr.type or not service.attr.host then
+			origin.send(st.error_reply(stanza, "modify", "bad-request"));
+			return true;
+		end
+
 		table.insert(requested_credentials, {
 				type = service.attr.type;
 				host = service.attr.host;
diff -r 6427e2642976 -r c4599a7c534c spec/scansion/extdisco.scs
--- a/spec/scansion/extdisco.scs	Tue Aug 31 13:03:44 2021 +0200
+++ b/spec/scansion/extdisco.scs	Sun Aug 29 23:26:19 2021 +0200
@@ -52,6 +52,20 @@
 		</credentials>
 	</iq>
 
+Romeo sends:
+	<iq type='get' xml:lang='sv' id='lx5' to='localhost'>
+		<credentials xmlns='urn:xmpp:extdisco:2'>
+			<service host='default.example' />
+		</credentials>
+	</iq>
+
+Romeo receives:
+	<iq type='error' id='lx5' from='localhost'>
+		<error type='modify'>
+			<bad-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
+		</error>
+	</iq>
+
 Romeo disconnects
 
 # recording ended on 2020-07-18T16:47:57Z