Prevent user from adding themselves as contact

This commit is contained in:
JC Brand 2019-03-28 15:32:50 +01:00
parent ab76a905f9
commit 34b8cd2ee6
5 changed files with 35 additions and 25 deletions

View File

@ -5,6 +5,7 @@
- Updated translation: lt
- Upgrade to Backbone 1.4.0, Strophe 1.3.2 and Jasmine 2.99.2
- Remove dependency on (our fork of) Awesomplete
- Prevent user from adding themselves as contact
- Fix "flashing" of roster filter when you have less than 5 roster contacts
- Fix handling of CAPTCHAs offered by ejabberd
- Don't send out receipts or markers for MAM messages

23
dist/converse.js vendored
View File

@ -59145,7 +59145,7 @@ _converse_headless_converse_core__WEBPACK_IMPORTED_MODULE_4__["default"].plugins
}));
if (list.length !== 1) {
const el = this.el.querySelector('.suggestion-box__name .invalid-feedback');
const el = this.el.querySelector('.invalid-feedback');
el.textContent = __('Sorry, could not find a contact with that name');
u.addClass('d-block', el);
return;
@ -59163,16 +59163,19 @@ _converse_headless_converse_core__WEBPACK_IMPORTED_MODULE_4__["default"].plugins
},
validateSubmission(jid) {
const el = this.el.querySelector('.invalid-feedback');
if (!jid || _.compact(jid.split('@')).length < 2) {
// XXX: we used to have to do this manually, instead of via
// toHTML because Awesomplete messes things up and
// confuses Snabbdom
// We now use _converse.AutoComplete, can this be removed?
u.addClass('is-invalid', this.el.querySelector('input[name="jid"]'));
u.addClass('d-block', this.el.querySelector('.suggestion-box__jid .invalid-feedback'));
u.addClass('d-block', el);
return false;
} else if (Strophe.getBareJidFromJid(jid) === _converse.bare_jid) {
el.textContent = __('You cannot add yourself as a contact');
u.addClass('d-block', el);
return false;
}
u.removeClass('d-block', el);
return true;
},
@ -92176,17 +92179,15 @@ __p += '\n value="' +
__e(o.jid) +
'"\n class="form-control suggestion-box__input"\n placeholder="' +
__e(o.contact_placeholder) +
'"/>\n <div class="invalid-feedback">' +
__e(o.error_message) +
'</div>\n <span class="suggestion-box__additions visually-hidden" role="status" aria-live="assertive" aria-relevant="additions"></span>\n </div>\n </div>\n <div class="form-group">\n <label class="clearfix" for="name">' +
'"/>\n <span class="suggestion-box__additions visually-hidden" role="status" aria-live="assertive" aria-relevant="additions"></span>\n </div>\n </div>\n <div class="form-group">\n <label class="clearfix" for="name">' +
__e(o.label_nickname) +
':</label>\n <div class="suggestion-box suggestion-box__name">\n <ul class="suggestion-box__results suggestion-box__results--above" hidden=""></ul>\n <input type="text" name="name" value="' +
__e(o.nickname) +
'"\n class="form-control suggestion-box__input"\n placeholder="' +
__e(o.nickname_placeholder) +
'"/>\n <div class="invalid-feedback">' +
'"/>\n <span class="suggestion-box__additions visually-hidden" role="status" aria-live="assertive" aria-relevant="additions"></span>\n </div>\n </div>\n <div class="form-group">\n <div class="invalid-feedback">' +
__e(o.error_message) +
'</div>\n <span class="suggestion-box__additions visually-hidden" role="status" aria-live="assertive" aria-relevant="additions"></span>\n </div>\n\n </div>\n <button type="submit" class="btn btn-primary">' +
'</div>\n </div>\n <button type="submit" class="btn btn-primary">' +
__e(o.label_add) +
'</button>\n </div>\n </form>\n </div>\n </div>\n</div>\n';
return __p

View File

@ -322,7 +322,9 @@
'open': _.noop,
'send': function () {
const value = modal.el.querySelector('input[name="name"]').value;
if (value === 'ambiguous') {
if (value === 'dummy') {
xhr.responseText = JSON.stringify([{"jid": "dummy@localhost", "fullname": "Max Mustermann"}]);
} else if (value === 'ambiguous') {
xhr.responseText = JSON.stringify([
{"jid": "marty@mcfly.net", "fullname": "Marty McFly"},
{"jid": "doc@brown.com", "fullname": "Doc Brown"}
@ -358,16 +360,20 @@
const input_el = modal.el.querySelector('input[name="name"]');
input_el.value = 'ambiguous';
modal.el.querySelector('button[type="submit"]').click();
let feedback_el = modal.el.querySelector('.suggestion-box__name .invalid-feedback');
let feedback_el = modal.el.querySelector('.invalid-feedback');
expect(feedback_el.textContent).toBe('Sorry, could not find a contact with that name');
feedback_el.textContent = '';
input_el.value = 'insufficient';
modal.el.querySelector('button[type="submit"]').click();
feedback_el = modal.el.querySelector('.suggestion-box__name .invalid-feedback');
feedback_el = modal.el.querySelector('.invalid-feedback');
expect(feedback_el.textContent).toBe('Sorry, could not find a contact with that name');
feedback_el.textContent = '';
input_el.value = 'dummy';
modal.el.querySelector('button[type="submit"]').click();
feedback_el = modal.el.querySelector('.invalid-feedback');
expect(feedback_el.textContent).toBe('You cannot add yourself as a contact');
input_el.value = 'Marty McFly';
modal.el.querySelector('button[type="submit"]').click();

View File

@ -190,7 +190,7 @@ converse.plugins.add('converse-rosterview', {
const r = this.xhr.responseText;
const list = JSON.parse(r).map(i => ({'label': i.fullname || i.jid, 'value': i.jid}));
if (list.length !== 1) {
const el = this.el.querySelector('.suggestion-box__name .invalid-feedback');
const el = this.el.querySelector('.invalid-feedback');
el.textContent = __('Sorry, could not find a contact with that name')
u.addClass('d-block', el);
return;
@ -206,15 +206,17 @@ converse.plugins.add('converse-rosterview', {
},
validateSubmission (jid) {
const el = this.el.querySelector('.invalid-feedback');
if (!jid || _.compact(jid.split('@')).length < 2) {
// XXX: we used to have to do this manually, instead of via
// toHTML because Awesomplete messes things up and
// confuses Snabbdom
// We now use _converse.AutoComplete, can this be removed?
u.addClass('is-invalid', this.el.querySelector('input[name="jid"]'));
u.addClass('d-block', this.el.querySelector('.suggestion-box__jid .invalid-feedback'));
u.addClass('d-block', el);
return false;
} else if (Strophe.getBareJidFromJid(jid) === _converse.bare_jid) {
el.textContent = __('You cannot add yourself as a contact')
u.addClass('d-block', el);
return false;
}
u.removeClass('d-block', el);
return true;
},

View File

@ -17,7 +17,6 @@
value="{{{o.jid}}}"
class="form-control suggestion-box__input"
placeholder="{{{o.contact_placeholder}}}"/>
<div class="invalid-feedback">{{{o.error_message}}}</div>
<span class="suggestion-box__additions visually-hidden" role="status" aria-live="assertive" aria-relevant="additions"></span>
</div>
</div>
@ -28,10 +27,11 @@
<input type="text" name="name" value="{{{o.nickname}}}"
class="form-control suggestion-box__input"
placeholder="{{{o.nickname_placeholder}}}"/>
<div class="invalid-feedback">{{{o.error_message}}}</div>
<span class="suggestion-box__additions visually-hidden" role="status" aria-live="assertive" aria-relevant="additions"></span>
</div>
</div>
<div class="form-group">
<div class="invalid-feedback">{{{o.error_message}}}</div>
</div>
<button type="submit" class="btn btn-primary">{{{o.label_add}}}</button>
</div>