Commit 43d0932d authored by JC Brand's avatar JC Brand

Update roster push handling code

- Remove misleading comment and fix conditional logic
- Check that there's only one <item> element.

updates #1106
parent ec609a38
...@@ -342,10 +342,10 @@ ...@@ -342,10 +342,10 @@
/* Register a handler for roster IQ "set" stanzas, which update /* Register a handler for roster IQ "set" stanzas, which update
* roster contacts. * roster contacts.
*/ */
_converse.connection.addHandler( _converse.connection.addHandler((iq) => {
_converse.roster.onRosterPush.bind(_converse.roster), _converse.roster.onRosterPush(iq);
Strophe.NS.ROSTER, 'iq', "set" return true;
); }, Strophe.NS.ROSTER, 'iq', "set");
}, },
registerRosterXHandler () { registerRosterXHandler () {
...@@ -513,23 +513,29 @@ ...@@ -513,23 +513,29 @@
*/ */
const id = iq.getAttribute('id'); const id = iq.getAttribute('id');
const from = iq.getAttribute('from'); const from = iq.getAttribute('from');
if (from && from !== "" && Strophe.getBareJidFromJid(from) !== _converse.bare_jid) { if (from && from !== _converse.connection.jid) {
// Receiving client MUST ignore stanza unless it has no from or from = user's bare JID. // https://tools.ietf.org/html/rfc6121#page-15
// XXX: Some naughty servers apparently send from a full //
// JID so we need to explicitly compare bare jids here. // A receiving client MUST ignore the stanza unless it has no 'from'
// https://github.com/jcbrand/converse.js/issues/493 // attribute (i.e., implicitly from the bare JID of the user's
_converse.connection.send( // account) or it has a 'from' attribute whose value matches the
$iq({type: 'error', id, from: _converse.connection.jid}) // user's bare JID <user@domainpart>.
.c('error', {'type': 'cancel'}) return;
.c('service-unavailable', {'xmlns': Strophe.NS.ROSTER })
);
return true;
} }
_converse.connection.send($iq({type: 'result', id, from: _converse.connection.jid})); _converse.connection.send($iq({type: 'result', id, from: _converse.connection.jid}));
const items = sizzle(`query[xmlns="${Strophe.NS.ROSTER}"] item`, iq); const items = sizzle(`query[xmlns="${Strophe.NS.ROSTER}"] item`, iq);
_.each(items, this.updateContact.bind(this)); if (items.length > 1) {
_converse.log(iq, Strophe.LogLevel.ERROR);
throw new Error('Roster push query may not contain more than one "item" element.');
}
if (items.length === 0) {
_converse.log(iq, Strophe.LogLevel.WARN);
_converse.log('Received a roster push stanza without an "item" element.', Strophe.LogLevel.WARN);
return;
}
this.updateContact(items.pop());
_converse.emit('rosterPush', iq); _converse.emit('rosterPush', iq);
return true; return;
}, },
fetchFromServer () { fetchFromServer () {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment