Changeset

11753:c4599a7c534c

mod_external_services: Validate required attributes on credentials requests
author Kim Alvefur <zash@zash.se>
date Sun, 29 Aug 2021 23:26:19 +0200
parents 11752:6427e2642976
children 11754:21a9b3f2a728
files plugins/mod_external_services.lua spec/scansion/extdisco.scs
diffstat 2 files changed, 20 insertions(+), 1 deletions(-) [+]
--- a/plugins/mod_external_services.lua	Tue Aug 31 13:03:44 2021 +0200
+++ b/plugins/mod_external_services.lua	Sun Aug 29 23:26:19 2021 +0200
@@ -175,7 +175,7 @@
 	local action = stanza.tags[1];
 
 	if origin.type ~= "c2s" then
-		origin.send(st.error_reply(stanza, "auth", "forbidden"));
+		origin.send(st.error_reply(stanza, "auth", "forbidden", "The 'port' and 'type' attributes are required."));
 		return true;
 	end
 
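Review bot: The text added to the `forbidden` reply sits in the `origin.type ~= "c2s"` branch, which rejects non-client sessions, so it gives the wrong reason for the refusal, while the new `bad-request` reply in the second hunk carries no text at all. The text also names 'port', whereas the check added in the second hunk tests `type` and `host`. I would restore this line to `origin.send(st.error_reply(stanza, "auth", "forbidden"));` and put the message on the validation branch instead, as `st.error_reply(stanza, "modify", "bad-request", "The 'host' and 'type' attributes are required.")`. The enclosing handler starts and ends outside this hunk.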
@@ -188,6 +188,11 @@
 
 	local requested_credentials = {};
 	for service in action:childtags("service") do
+		if not service.attr.type or not service.attr.host then
+			origin.send(st.error_reply(stanza, "modify", "bad-request"));
+			return true;
+		end
+
 		table.insert(requested_credentials, {
 				type = service.attr.type;
 				host = service.attr.host;
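Review bot: The new guard `if not service.attr.type or not service.attr.host then` rejects only absent attributes. An empty string is truthy in Lua, so a client-supplied `<service type='' host=''/>` (constructed example) still passes and is inserted into `requested_credentials`. The code that consumes that table is outside this hunk, so whether empty values are harmless there is unconfirmed. If they are not meaningful, the check could be tightened to `if (service.attr.type or "") == "" or (service.attr.host or "") == "" then`. The loop body and the `table.insert` call continue past the end of the hunk.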
--- a/spec/scansion/extdisco.scs	Tue Aug 31 13:03:44 2021 +0200
+++ b/spec/scansion/extdisco.scs	Sun Aug 29 23:26:19 2021 +0200
@@ -52,6 +52,20 @@
 		</credentials>
 	</iq>
 
+Romeo sends:
+	<iq type='get' xml:lang='sv' id='lx5' to='localhost'>
+		<credentials xmlns='urn:xmpp:extdisco:2'>
+			<service host='default.example' />
+		</credentials>
+	</iq>
+
+Romeo receives:
+	<iq type='error' id='lx5' from='localhost'>
+		<error type='modify'>
+			<bad-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
+		</error>
+	</iq>
+
 Romeo disconnects
 
 # recording ended on 2020-07-18T16:47:57Z
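Review bot: The added scenario exercises only the missing-`type` half of the new check, because the request it sends is `<service host='default.example' />`; the `not service.attr.host` half is never reached by the spec. A second exchange that sends a service element with a `type` but no `host` (for example `<service type='stun' />`, a constructed value) and expects the same `bad-request` error would cover both branches. That keeps a later refactor of the validation from silently dropping one of the two required attributes.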