Prevent user from adding themselves as contact

34b8cd2e · JC Brand · ab76a905 · 34b8cd2e · 34b8cd2e · 34b8cd2e
Commit 34b8cd2e authored Mar 28, 2019 by JC Brand
5 changed files
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -5,6 +5,7 @@
 - Updated translation: lt
 - Upgrade to Backbone 1.4.0, Strophe 1.3.2 and Jasmine 2.99.2
 - Remove dependency on (our fork of) Awesomplete
+- Prevent user from adding themselves as contact
 - Fix "flashing" of roster filter when you have less than 5 roster contacts
 - Fix handling of CAPTCHAs offered by ejabberd
 - Don't send out receipts or markers for MAM messages

--- a/dist/converse.js
+++ b/dist/converse.js
@@ -59145,7 +59145,7 @@ _converse_headless_converse_core__WEBPACK_IMPORTED_MODULE_4__["default"].plugins
            }));
            if (list.length !== 1) {
-              const el = this.el.querySelector('.suggestion-box__name .invalid-feedback');
+              const el = this.el.querySelector('.invalid-feedback');
              el.textContent = __('Sorry, could not find a contact with that name');
              u.addClass('d-block', el);
              return;
@@ -59163,16 +59163,19 @@ _converse_headless_converse_core__WEBPACK_IMPORTED_MODULE_4__["default"].plugins
      },
      validateSubmission(jid) {
+        const el = this.el.querySelector('.invalid-feedback');
        if (!jid || _.compact(jid.split('@')).length < 2) {
-          // XXX: we used to have to do this manually, instead of via
-          // toHTML because Awesomplete messes things up and
-          // confuses Snabbdom
-          // We now use _converse.AutoComplete, can this be removed?
          u.addClass('is-invalid', this.el.querySelector('input[name="jid"]'));
-          u.addClass('d-block', this.el.querySelector('.suggestion-box__jid .invalid-feedback'));
+          u.addClass('d-block', el);
+          return false;
+        } else if (Strophe.getBareJidFromJid(jid) === _converse.bare_jid) {
+          el.textContent = __('You cannot add yourself as a contact');
+          u.addClass('d-block', el);
          return false;
        }
+        u.removeClass('d-block', el);
        return true;
      },
@@ -92176,17 +92179,15 @@ __p += '\n                                   value="' +
 __e(o.jid) +
 '"\n                                   class="form-control suggestion-box__input"\n                                   placeholder="' +
 __e(o.contact_placeholder) +
-'"/>\n                            <div class="invalid-feedback">' +
+'"/>\n                            <span class="suggestion-box__additions visually-hidden" role="status" aria-live="assertive" aria-relevant="additions"></span>\n                        </div>\n                    </div>\n                    <div class="form-group">\n                        <label class="clearfix" for="name">' +
-__e(o.error_message) +
-'</div>\n                            <span class="suggestion-box__additions visually-hidden" role="status" aria-live="assertive" aria-relevant="additions"></span>\n                        </div>\n                    </div>\n                    <div class="form-group">\n                        <label class="clearfix" for="name">' +
 __e(o.label_nickname) +
 ':</label>\n                        <div class="suggestion-box suggestion-box__name">\n                            <ul class="suggestion-box__results suggestion-box__results--above" hidden=""></ul>\n                            <input type="text" name="name" value="' +
 __e(o.nickname) +
 '"\n                                   class="form-control suggestion-box__input"\n                                   placeholder="' +
 __e(o.nickname_placeholder) +
-'"/>\n                            <div class="invalid-feedback">' +
+'"/>\n                            <span class="suggestion-box__additions visually-hidden" role="status" aria-live="assertive" aria-relevant="additions"></span>\n                        </div>\n                    </div>\n                    <div class="form-group">\n                        <div class="invalid-feedback">' +
 __e(o.error_message) +
-'</div>\n                            <span class="suggestion-box__additions visually-hidden" role="status" aria-live="assertive" aria-relevant="additions"></span>\n                        </div>\n\n                    </div>\n                    <button type="submit" class="btn btn-primary">' +
+'</div>\n                    </div>\n                    <button type="submit" class="btn btn-primary">' +
 __e(o.label_add) +
 '</button>\n                </div>\n            </form>\n        </div>\n    </div>\n</div>\n';
 return __p
--- a/spec/controlbox.js
+++ b/spec/controlbox.js
@@ -322,7 +322,9 @@
                'open': _.noop,
                'send': function () {
                    const value = modal.el.querySelector('input[name="name"]').value;
-                    if (value === 'ambiguous') {
+                    if (value === 'dummy') {
+                        xhr.responseText = JSON.stringify([{"jid": "dummy@localhost", "fullname": "Max Mustermann"}]);
+                    } else if (value === 'ambiguous') {
                        xhr.responseText = JSON.stringify([
                            {"jid": "marty@mcfly.net", "fullname": "Marty McFly"},
                            {"jid": "doc@brown.com", "fullname": "Doc Brown"}
@@ -358,16 +360,20 @@
            const input_el = modal.el.querySelector('input[name="name"]');
            input_el.value = 'ambiguous';
            modal.el.querySelector('button[type="submit"]').click();
+            let feedback_el = modal.el.querySelector('.invalid-feedback');
-            let feedback_el = modal.el.querySelector('.suggestion-box__name .invalid-feedback');
            expect(feedback_el.textContent).toBe('Sorry, could not find a contact with that name');
            feedback_el.textContent = '';
            input_el.value = 'insufficient';
            modal.el.querySelector('button[type="submit"]').click();
+            feedback_el = modal.el.querySelector('.invalid-feedback');
-            feedback_el = modal.el.querySelector('.suggestion-box__name .invalid-feedback');
            expect(feedback_el.textContent).toBe('Sorry, could not find a contact with that name');
+            feedback_el.textContent = '';
+            input_el.value = 'dummy';
+            modal.el.querySelector('button[type="submit"]').click();
+            feedback_el = modal.el.querySelector('.invalid-feedback');
+            expect(feedback_el.textContent).toBe('You cannot add yourself as a contact');
            input_el.value = 'Marty McFly';
            modal.el.querySelector('button[type="submit"]').click();

--- a/src/converse-rosterview.js
+++ b/src/converse-rosterview.js
@@ -190,7 +190,7 @@ converse.plugins.add('converse-rosterview', {
                        const r = this.xhr.responseText;
                        const list = JSON.parse(r).map(i => ({'label': i.fullname || i.jid, 'value': i.jid}));
                        if (list.length !== 1) {
-                            const el = this.el.querySelector('.suggestion-box__name .invalid-feedback');
+                            const el = this.el.querySelector('.invalid-feedback');
                            el.textContent = __('Sorry, could not find a contact with that name')
                            u.addClass('d-block', el);
                            return;
@@ -206,15 +206,17 @@ converse.plugins.add('converse-rosterview', {
            },
            validateSubmission (jid) {
+                const el = this.el.querySelector('.invalid-feedback');
                if (!jid || _.compact(jid.split('@')).length < 2) {
-                    // XXX: we used to have to do this manually, instead of via
-                    // toHTML because Awesomplete messes things up and
-                    // confuses Snabbdom
-                    // We now use _converse.AutoComplete, can this be removed?
                    u.addClass('is-invalid', this.el.querySelector('input[name="jid"]'));
-                    u.addClass('d-block', this.el.querySelector('.suggestion-box__jid .invalid-feedback'));
+                    u.addClass('d-block', el);
+                    return false;
+                } else if (Strophe.getBareJidFromJid(jid) === _converse.bare_jid) {
+                    el.textContent = __('You cannot add yourself as a contact')
+                    u.addClass('d-block', el);
                    return false;
                }
+                u.removeClass('d-block', el);
                return true;
            },

--- a/src/templates/add_contact_modal.html
+++ b/src/templates/add_contact_modal.html
@@ -17,7 +17,6 @@
                                   value="{{{o.jid}}}"
                                   class="form-control suggestion-box__input"
                                   placeholder="{{{o.contact_placeholder}}}"/>
-                            <div class="invalid-feedback">{{{o.error_message}}}</div>
                            <span class="suggestion-box__additions visually-hidden" role="status" aria-live="assertive" aria-relevant="additions"></span>
                        </div>
                    </div>
@@ -28,10 +27,11 @@
                            <input type="text" name="name" value="{{{o.nickname}}}"
                                   class="form-control suggestion-box__input"
                                   placeholder="{{{o.nickname_placeholder}}}"/>
-                            <div class="invalid-feedback">{{{o.error_message}}}</div>
                            <span class="suggestion-box__additions visually-hidden" role="status" aria-live="assertive" aria-relevant="additions"></span>
                        </div>
+                    </div>
+                    <div class="form-group">
+                        <div class="invalid-feedback">{{{o.error_message}}}</div>
                    </div>
                    <button type="submit" class="btn btn-primary">{{{o.label_add}}}</button>
                </div>