From ffc4fcf95e50b1a56f931141959d68a1ac8f2cf8 Mon Sep 17 00:00:00 2001 From: Mikhail Uvarov Date: Thu, 6 Oct 2022 17:23:16 +0200 Subject: [PATCH 1/3] Check jid format in muc api #3752 Add graphql_muc_SUITE:user_try_create_instant_room_with_invalid_name testcase --- big_tests/tests/graphql_muc_SUITE.erl | 9 +++++++++ src/mod_muc_api.erl | 11 ++++++----- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/big_tests/tests/graphql_muc_SUITE.erl b/big_tests/tests/graphql_muc_SUITE.erl index 02500978d14..69c7651434a 100644 --- a/big_tests/tests/graphql_muc_SUITE.erl +++ b/big_tests/tests/graphql_muc_SUITE.erl @@ -43,6 +43,7 @@ user_muc_tests() -> user_try_delete_nonexistent_room, user_try_delete_room_by_not_owner, user_try_create_instant_room_with_nonexistent_domain, + user_try_create_instant_room_with_invalid_name, user_list_rooms, user_list_room_users, user_list_room_users_without_anonymous_mode, @@ -982,6 +983,14 @@ user_try_create_instant_room_with_nonexistent_domain_story(Config, Alice) -> Res = user_create_instant_room(Alice, <<"unknown">>, rand_name(), <<"Ali">>, Config), ?assertNotEqual(nomatch, binary:match(get_err_msg(Res), <<"not found">>)). +user_try_create_instant_room_with_invalid_name(Config) -> + escalus:fresh_story_with_config(Config, [{alice, 1}], + fun user_try_create_instant_room_with_invalid_name_story/2). + +user_try_create_instant_room_with_invalid_name_story(Config, Alice) -> + Res = user_create_instant_room(Alice, muc_helper:muc_host(), <<"test room">>, <<"Ali">>, Config), + ?assertNotEqual(nomatch, binary:match(get_err_msg(Res), <<"Room name or domain are invalid">>)). + user_try_delete_nonexistent_room(Config) -> escalus:fresh_story_with_config(Config, [{alice, 1}], fun user_try_delete_nonexistent_room_story/2). diff --git a/src/mod_muc_api.erl b/src/mod_muc_api.erl index 2193a8fc24f..84ab12d3118 100644 --- a/src/mod_muc_api.erl +++ b/src/mod_muc_api.erl @@ -99,10 +99,9 @@ create_instant_room(MUCDomain, Name, OwnerJID, Nick) -> %% Because these stanzas are sent on the owner's behalf through %% the HTTP API, they will certainly receive stanzas as a %% consequence, even if their client(s) did not initiate this. - case ejabberd_auth:does_user_exist(OwnerJID) of - true -> - BareRoomJID = jid:make_bare(Name, MUCDomain), - UserRoomJID = jid:make(Name, MUCDomain, Nick), + case {ejabberd_auth:does_user_exist(OwnerJID), jid:make_bare(Name, MUCDomain)} of + {true, BareRoomJID = #jid{}} -> + UserRoomJID = jid:replace_resource(BareRoomJID, Nick), %% Send presence to create a room. ejabberd_router:route(OwnerJID, UserRoomJID, presence(OwnerJID, UserRoomJID, undefined)), @@ -115,7 +114,9 @@ create_instant_room(MUCDomain, Name, OwnerJID, Nick) -> Error -> Error end; - false -> + {true, error} -> + {invalid_input, "Room name or domain are invalid"}; + {false, _} -> ?USER_NOT_FOUND_RESULT end. From fc04bedb1ab07fb306a659846d6bcf9423646b8f Mon Sep 17 00:00:00 2001 From: Mikhail Uvarov Date: Fri, 7 Oct 2022 10:53:13 +0200 Subject: [PATCH 2/3] Make from required to pass in listRooms Otherwise null is passed into a room process which crashes the process --- priv/graphql/schemas/admin/muc.gql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/priv/graphql/schemas/admin/muc.gql b/priv/graphql/schemas/admin/muc.gql index e74c57e856b..78e788e6525 100644 --- a/priv/graphql/schemas/admin/muc.gql +++ b/priv/graphql/schemas/admin/muc.gql @@ -44,7 +44,7 @@ Allow admin to get information about Multi-User Chat rooms. type MUCAdminQuery @protected @use(modules: ["mod_muc"]){ "Get MUC rooms under the given MUC domain" #There is no @use directive because it is currently impossible to get HostType from mucDomain in directive code - listRooms(mucDomain: String!, from: JID, limit: Int, index: Int): MUCRoomsPayload! + listRooms(mucDomain: String!, from: JID!, limit: Int, index: Int): MUCRoomsPayload! @protected(type: DOMAIN, args: ["from"]) "Get configuration of the MUC room" getRoomConfig(room: JID!): MUCRoomConfig From 02603b4b34c8cc9b1a377f940b8a0c7d042b5a46 Mon Sep 17 00:00:00 2001 From: Kamil Waz Date: Fri, 21 Oct 2022 11:53:29 +0200 Subject: [PATCH 3/3] Fix typo in error message --- big_tests/tests/graphql_muc_SUITE.erl | 2 +- src/mod_muc_api.erl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/big_tests/tests/graphql_muc_SUITE.erl b/big_tests/tests/graphql_muc_SUITE.erl index 69c7651434a..4c722127fc7 100644 --- a/big_tests/tests/graphql_muc_SUITE.erl +++ b/big_tests/tests/graphql_muc_SUITE.erl @@ -989,7 +989,7 @@ user_try_create_instant_room_with_invalid_name(Config) -> user_try_create_instant_room_with_invalid_name_story(Config, Alice) -> Res = user_create_instant_room(Alice, muc_helper:muc_host(), <<"test room">>, <<"Ali">>, Config), - ?assertNotEqual(nomatch, binary:match(get_err_msg(Res), <<"Room name or domain are invalid">>)). + ?assertNotEqual(nomatch, binary:match(get_err_msg(Res), <<"Room name or domain is invalid">>)). user_try_delete_nonexistent_room(Config) -> escalus:fresh_story_with_config(Config, [{alice, 1}], diff --git a/src/mod_muc_api.erl b/src/mod_muc_api.erl index 84ab12d3118..5290d8bd178 100644 --- a/src/mod_muc_api.erl +++ b/src/mod_muc_api.erl @@ -115,7 +115,7 @@ create_instant_room(MUCDomain, Name, OwnerJID, Nick) -> Error end; {true, error} -> - {invalid_input, "Room name or domain are invalid"}; + {invalid_input, "Room name or domain is invalid"}; {false, _} -> ?USER_NOT_FOUND_RESULT end.