From 34b8cd2ee63bb8b846249a00819e06b94da64b27 Mon Sep 17 00:00:00 2001
From: JC Brand
Date: Thu, 28 Mar 2019 15:32:50 +0100
Subject: [PATCH] Prevent user from adding themselves as contact
---
 CHANGES.md | 1 +
 dist/converse.js | 23 ++++++++++++-----------
 spec/controlbox.js | 16 +++++++++++-----
 src/converse-rosterview.js | 14 ++++++++------
 src/templates/add_contact_modal.html | 6 +++---
 5 files changed, 35 insertions(+), 25 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 582bad2bd..3f162d9db 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -5,6 +5,7 @@
 - Updated translation: lt
 - Upgrade to Backbone 1.4.0, Strophe 1.3.2 and Jasmine 2.99.2
 - Remove dependency on (our fork of) Awesomplete
+- Prevent user from adding themselves as contact
 - Fix "flashing" of roster filter when you have less than 5 roster contacts
 - Fix handling of CAPTCHAs offered by ejabberd
 - Don't send out receipts or markers for MAM messages
diff --git a/dist/converse.js b/dist/converse.js
index 0082cb0bc..57d6df2ad 100644
--- a/dist/converse.js
+++ b/dist/converse.js
@@ -59145,7 +59145,7 @@ _converse_headless_converse_core__WEBPACK_IMPORTED_MODULE_4__["default"].plugins })); if (list.length !== 1) { - const el = this.el.querySelector('.suggestion-box__name .invalid-feedback'); + const el = this.el.querySelector('.invalid-feedback'); el.textContent = __('Sorry, could not find a contact with that name'); u.addClass('d-block', el); return;
@@ -59163,16 +59163,19 @@ _converse_headless_converse_core__WEBPACK_IMPORTED_MODULE_4__["default"].plugins }, validateSubmission(jid) { + const el = this.el.querySelector('.invalid-feedback'); + if (!jid || _.compact(jid.split('@')).length < 2) { - // XXX: we used to have to do this manually, instead of via - // toHTML because Awesomplete messes things up and - // confuses Snabbdom - // We now use _converse.AutoComplete, can this be removed? u.addClass('is-invalid', this.el.querySelector('input[name="jid"]')); - u.addClass('d-block', this.el.querySelector('.suggestion-box__jid .invalid-feedback')); + u.addClass('d-block', el); + return false; + } else if (Strophe.getBareJidFromJid(jid) === _converse.bare_jid) { + el.textContent = __('You cannot add yourself as a contact'); + u.addClass('d-block', el); return false; } + u.removeClass('d-block', el); return true; }, @@ -92176,17 +92179,15 @@ __p += '\n value="' + __e(o.jid) + '"\n class="form-control suggestion-box__input"\n placeholder="' + __e(o.contact_placeholder) + -'"/>\n
' + -__e(o.error_message) + -'
\n \n \n \n
\n
\n \n
\n \n
\n \n \n
' + +'"/>\n \n
\n
\n
\n
' + __e(o.error_message) + -'
\n \n
\n\n
\n \n \n \n \n \n\n'; return __p
diff --git a/spec/controlbox.js b/spec/controlbox.js
index c3ede6ba0..7a45b15f0 100644
--- a/spec/controlbox.js
+++ b/spec/controlbox.js
@@ -322,7 +322,9 @@
 'open': _.noop,
 'send': function () {
 const value = modal.el.querySelector('input[name="name"]').value;
- if (value === 'ambiguous') {
+ if (value === 'dummy') {
+ xhr.responseText = JSON.stringify([{"jid": "dummy@localhost", "fullname": "Max Mustermann"}]);
+ } else if (value === 'ambiguous') {
 xhr.responseText = JSON.stringify([
 {"jid": "marty@mcfly.net", "fullname": "Marty McFly"},
 {"jid": "doc@brown.com", "fullname": "Doc Brown"}
@@ -358,16 +360,20 @@
 const input_el = modal.el.querySelector('input[name="name"]');
 input_el.value = 'ambiguous';
 modal.el.querySelector('button[type="submit"]').click();
-
- let feedback_el = modal.el.querySelector('.suggestion-box__name .invalid-feedback');
+ let feedback_el = modal.el.querySelector('.invalid-feedback');
 expect(feedback_el.textContent).toBe('Sorry, could not find a contact with that name');
 feedback_el.textContent = '';
 input_el.value = 'insufficient';
 modal.el.querySelector('button[type="submit"]').click();
-
- feedback_el = modal.el.querySelector('.suggestion-box__name .invalid-feedback');
+ feedback_el = modal.el.querySelector('.invalid-feedback');
 expect(feedback_el.textContent).toBe('Sorry, could not find a contact with that name');
+ feedback_el.textContent = '';
+
+ input_el.value = 'dummy';
+ modal.el.querySelector('button[type="submit"]').click();
+ feedback_el = modal.el.querySelector('.invalid-feedback');
+ expect(feedback_el.textContent).toBe('You cannot add yourself as a contact');
 input_el.value = 'Marty McFly';
 modal.el.querySelector('button[type="submit"]').click();
diff --git a/src/converse-rosterview.js b/src/converse-rosterview.js
index 672534dd7..9ba4217e5 100644
--- a/src/converse-rosterview.js
+++ b/src/converse-rosterview.js
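Review bot: The new 'dummy' case in the second spec/controlbox.js hunk only exercises the name-lookup (XHR) path with an exact-match address, and it relies on the mock session's bare JID being `dummy@localhost`, which is set outside the hunk. A case that submits a full or differently-cased form of the own JID (constructed examples: `dummy@localhost/resource`, `Dummy@localhost`) would pin down how the comparison in `validateSubmission` behaves, and an assertion that no roster stanza was sent would show the submission was actually blocked rather than only that the message appeared. A short comment such as `// 'dummy' resolves to the logged-in user's own JID` above `input_el.value = 'dummy';` would explain the fixture. The enclosing test function starts and ends outside the hunk.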
@@ -190,7 +190,7 @@ converse.plugins.add('converse-rosterview', {
 const r = this.xhr.responseText;
 const list = JSON.parse(r).map(i => ({'label': i.fullname || i.jid, 'value': i.jid}));
 if (list.length !== 1) {
- const el = this.el.querySelector('.suggestion-box__name .invalid-feedback');
+ const el = this.el.querySelector('.invalid-feedback');
 el.textContent = __('Sorry, could not find a contact with that name')
 u.addClass('d-block', el);
 return;
@@ -206,15 +206,17 @@ converse.plugins.add('converse-rosterview', {
 },
 validateSubmission (jid) {
+ const el = this.el.querySelector('.invalid-feedback');
 if (!jid || _.compact(jid.split('@')).length < 2) {
- // XXX: we used to have to do this manually, instead of via
- // toHTML because Awesomplete messes things up and
- // confuses Snabbdom
- // We now use _converse.AutoComplete, can this be removed?
 u.addClass('is-invalid', this.el.querySelector('input[name="jid"]'));
- u.addClass('d-block', this.el.querySelector('.suggestion-box__jid .invalid-feedback'));
+ u.addClass('d-block', el);
+ return false;
+ } else if (Strophe.getBareJidFromJid(jid) === _converse.bare_jid) {
+ el.textContent = __('You cannot add yourself as a contact')
+ u.addClass('d-block', el);
 return false;
 }
+ u.removeClass('d-block', el);
 return true;
 },
diff --git a/src/templates/add_contact_modal.html b/src/templates/add_contact_modal.html
index 77e0b8b18..0f0736a63 100644
--- a/src/templates/add_contact_modal.html
+++ b/src/templates/add_contact_modal.html
@@ -17,7 +17,6 @@ value="{{{o.jid}}}" class="form-control suggestion-box__input" placeholder="{{{o.contact_placeholder}}}"/> -
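Review bot: The self-add check added to `validateSubmission` in src/converse-rosterview.js compares `Strophe.getBareJidFromJid(jid)` with `_converse.bare_jid` by exact string equality, so a differently-cased or whitespace-padded spelling of the user's own address would presumably pass it; whether `_converse.bare_jid` is already lower-cased is not visible here. Normalising both sides, e.g. `} else if (Strophe.getBareJidFromJid(jid.trim()).toLowerCase() === _converse.bare_jid.toLowerCase()) {`, would close that gap. The same branch overwrites `el.textContent` while the invalid-JID branch above it only adds `d-block`, so a later malformed entry would still display 'You cannot add yourself as a contact', and `is-invalid` is neither set in the new branch nor cleared on success. This is a view-level check only, so the roster code that actually sends the subscription should presumably reject the own JID as well. The enclosing view definition starts and ends outside the hunk.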
{{{o.error_message}}}
@@ -28,10 +27,11 @@ -
{{{o.error_message}}}
- + +
+
{{{o.error_message}}}