check against own jid when detecting forged mam messages
This commit is contained in:
Christoph Scholz
JC Brand
parent
30d550596b
commit
f68eb65cd7
54
spec/mam.js
54
spec/mam.js
|
|
@ -265,6 +265,60 @@ describe("Message Archive Management", function () {
|
|||
done();
|
||||
}));
|
||||
|
||||
it("is not discarded if it comes from the right sender",
|
||||
mock.initConverse(
|
||||
['discoInitialized'], {},
|
||||
async function (done, _converse) {
|
||||
|
||||
await mock.waitForRoster(_converse, 'current', 1);
|
||||
const contact_jid = mock.cur_names[0].replace(/ /g,'.').toLowerCase() + '@montague.lit';
|
||||
await mock.openChatBoxFor(_converse, contact_jid);
|
||||
const view = _converse.chatboxviews.get(contact_jid);
|
||||
await mock.waitUntilDiscoConfirmed(_converse, _converse.bare_jid, null, [Strophe.NS.MAM]);
|
||||
const sent_IQs = _converse.connection.IQ_stanzas;
|
||||
const stanza = await u.waitUntil(() => sent_IQs.filter(iq => iq.querySelector(`iq[type="set"] query[xmlns="${Strophe.NS.MAM}"]`)).pop());
|
||||
const queryid = stanza.querySelector('query').getAttribute('queryid');
|
||||
let msg = $msg({'id': _converse.connection.getUniqueId(), 'from': _converse.bare_jid, 'to': _converse.bare_jid})
|
||||
.c('result', {'xmlns': 'urn:xmpp:mam:2', 'queryid':queryid, 'id': _converse.connection.getUniqueId()})
|
||||
.c('forwarded', {'xmlns':'urn:xmpp:forward:0'})
|
||||
.c('delay', {'xmlns':'urn:xmpp:delay', 'stamp':'2010-07-10T23:08:25Z'}).up()
|
||||
.c('message', {
|
||||
'xmlns':'jabber:client',
|
||||
'to': _converse.bare_jid,
|
||||
'id': _converse.connection.getUniqueId(),
|
||||
'from': contact_jid,
|
||||
'type':'chat'
|
||||
}).c('body').t("Meet me at the dance");
|
||||
spyOn(converse.env.log, 'warn');
|
||||
_converse.connection._dataRecv(mock.createRequest(msg));
|
||||
|
||||
msg = $msg({'id': _converse.connection.getUniqueId(), 'to': _converse.bare_jid})
|
||||
.c('result', {'xmlns': 'urn:xmpp:mam:2', 'queryid':queryid, 'id': _converse.connection.getUniqueId()})
|
||||
.c('forwarded', {'xmlns':'urn:xmpp:forward:0'})
|
||||
.c('delay', {'xmlns':'urn:xmpp:delay', 'stamp':'2010-07-10T23:08:25Z'}).up()
|
||||
.c('message', {
|
||||
'xmlns':'jabber:client',
|
||||
'to': _converse.bare_jid,
|
||||
'id': _converse.connection.getUniqueId(),
|
||||
'from': contact_jid,
|
||||
'type':'chat'
|
||||
}).c('body').t("Thrice the brinded cat hath mew'd.");
|
||||
_converse.connection._dataRecv(mock.createRequest(msg));
|
||||
|
||||
const iq_result = $iq({'type': 'result', 'id': stanza.getAttribute('id')})
|
||||
.c('fin', {'xmlns': 'urn:xmpp:mam:2'})
|
||||
.c('set', {'xmlns': 'http://jabber.org/protocol/rsm'})
|
||||
.c('first', {'index': '0'}).t('23452-4534-1').up()
|
||||
.c('last').t('09af3-cc343-b409f').up()
|
||||
.c('count').t('16');
|
||||
_converse.connection._dataRecv(mock.createRequest(iq_result));
|
||||
|
||||
await new Promise(resolve => view.model.messages.once('rendered', resolve));
|
||||
expect(view.model.messages.length).toBe(2);
|
||||
expect(view.model.messages.at(0).get('message')).toBe("Meet me at the dance");
|
||||
expect(view.model.messages.at(1).get('message')).toBe("Thrice the brinded cat hath mew'd.");
|
||||
done();
|
||||
}));
|
||||
|
||||
it("updates the is_archived value of an already cached version",
|
||||
mock.initConverse(
|
||||
|
|
|
|||
|
|
@ -517,7 +517,7 @@ const st = {
|
|||
|
||||
if (attrs.is_archived) {
|
||||
const from = original_stanza.getAttribute('from');
|
||||
if (from && contact_jid && from !== contact_jid) {
|
||||
if (from && from !== _converse.bare_jid) {
|
||||
return new StanzaParseError(`Invalid Stanza: Forged MAM message from ${from}`, stanza);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user