This commit is contained in:
TimedIn 2026-02-19 08:00:06 +10:00 committed by GitHub
commit ad353f298d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 103 additions and 0 deletions

View file

@ -10,11 +10,14 @@ namespace OCA\DAV\CardDAV\Validation;
use OCA\DAV\AppInfo\Application;
use OCP\IAppConfig;
use OCP\Mail\IMailer;
use Sabre\DAV\Exception\BadRequest;
use Sabre\DAV\Exception\Forbidden;
use Sabre\DAV\Server;
use Sabre\DAV\ServerPlugin;
use Sabre\HTTP\RequestInterface;
use Sabre\HTTP\ResponseInterface;
use Sabre\VObject;
class CardDavValidatePlugin extends ServerPlugin {
@ -25,6 +28,7 @@ class CardDavValidatePlugin extends ServerPlugin {
public function initialize(Server $server): void {
$server->on('beforeMethod:PUT', [$this, 'beforePut']);
$server->on('beforeMethod:POST', [$this, 'beforePost']);
}
public function beforePut(RequestInterface $request, ResponseInterface $response): bool {
@ -33,8 +37,43 @@ class CardDavValidatePlugin extends ServerPlugin {
if ((int)$request->getRawServerValue('CONTENT_LENGTH') > $cardSizeLimit) {
throw new Forbidden("VCard object exceeds $cardSizeLimit bytes");
}
$this->validateEmail($request, $response);
// all tests passed return true
return true;
}
public function beforePost(RequestInterface $request, ResponseInterface $response): bool {
$this->validateEmail($request, $response);
return true;
}
public function validateEmail(RequestInterface $request, ResponseInterface $response) {
// Get and Parse VCard
$cardData = $request->getBodyAsString();
if (!$cardData) {
return true;
}
$vCard = VObject\Reader::read($cardData);
// Get IMailer
$mailer = \OC::$server->get(IMailer::class);
// Loop through all emails, validate. If needed trim email
foreach ($vCard->EMAIL as $email) {
$trimedEmail = trim((string)$email);
if ($trimedEmail !== '' && !$mailer->validateMailAddress($trimedEmail)) {
throw new BadRequest('Invalid email in vCard');
}
if ($trimedEmail !== (string)$email) {
$vCard->remove($email);
$vCard->add('EMAIL', $trimedEmail, ['type' => $email['TYPE']]);
}
}
// Pass parsed vcard
$request->setBody($vCard->serialize());
}
}

View file

@ -12,6 +12,7 @@ namespace OCA\DAV\Tests\unit\CardDAV\Validation;
use OCA\DAV\CardDAV\Validation\CardDavValidatePlugin;
use OCP\IAppConfig;
use PHPUnit\Framework\MockObject\MockObject;
use Sabre\DAV\Exception\BadRequest;
use Sabre\DAV\Exception\Forbidden;
use Sabre\HTTP\RequestInterface;
use Sabre\HTTP\ResponseInterface;
@ -70,4 +71,67 @@ class CardDavValidatePluginTest extends TestCase {
}
public function testPutNoEmail(): void {
$vcard = $this->getVCardWithEmail('');
$this->request
->method('getBodyAsString')
->willReturn($vcard);
$this->assertTrue(
$this->plugin->beforePut($this->request, $this->response),
);
}
public function testPutValidEmail(): void {
$vcard = $this->getVCardWithEmail('example@nextcloud.com');
$this->request
->method('getBodyAsString')
->willReturn($vcard);
$this->assertTrue(
$this->plugin->beforePut($this->request, $this->response),
);
}
public function testPutInvalidEmail(): void {
$vcard = $this->getVCardWithEmail('example-nextcloud');
$this->request
->method('getBodyAsString')
->willReturn($vcard);
$this->expectException(BadRequest::class);
$this->assertTrue(
$this->plugin->beforePut($this->request, $this->response),
);
}
public function testPutTrimmingEmail(): void {
$vcard = $this->getVCardWithEmail(' example@nextcloud.com ');
$vcardTrimmed = $this->getVCardWithEmail('example@nextcloud.com');
$this->request
->method('getBodyAsString')
->willReturn($vcard);
$this->request
->expects($this->once())
->method('setBody')
->with($this->equalTo($vcardTrimmed));
$this->assertTrue(
$this->plugin->beforePut($this->request, $this->response),
);
}
private function getVCardWithEmail($email) {
return <<<EOF
BEGIN:VCARD\r
VERSION:4.0\r
PRODID:-//Nextcloud Contacts v7.0.4\r
UID:b9a0f10b-a304-4970-8a09-c62bb6a1831b\r
FN:Test\r
EMAIL;TYPE=HOME:$email\r
REV;VALUE=DATE-AND-OR-TIME:20250314T200304Z\r
END:VCARD\r\n
EOF;
}
}