mirror of
https://github.com/nextcloud/server.git
synced 2026-02-20 00:12:30 -05:00
Merge 1ccb0fbefc into 3c8ca879a5
This commit is contained in:
TimedIn
GitHub
commit
ad353f298d
2 changed files with 103 additions and 0 deletions
|
|
@ -10,11 +10,14 @@ namespace OCA\DAV\CardDAV\Validation;
|
|||
|
||||
use OCA\DAV\AppInfo\Application;
|
||||
use OCP\IAppConfig;
|
||||
use OCP\Mail\IMailer;
|
||||
use Sabre\DAV\Exception\BadRequest;
|
||||
use Sabre\DAV\Exception\Forbidden;
|
||||
use Sabre\DAV\Server;
|
||||
use Sabre\DAV\ServerPlugin;
|
||||
use Sabre\HTTP\RequestInterface;
|
||||
use Sabre\HTTP\ResponseInterface;
|
||||
use Sabre\VObject;
|
||||
|
||||
class CardDavValidatePlugin extends ServerPlugin {
|
||||
|
||||
|
|
@ -25,6 +28,7 @@ class CardDavValidatePlugin extends ServerPlugin {
|
|||
|
||||
public function initialize(Server $server): void {
|
||||
$server->on('beforeMethod:PUT', [$this, 'beforePut']);
|
||||
$server->on('beforeMethod:POST', [$this, 'beforePost']);
|
||||
}
|
||||
|
||||
public function beforePut(RequestInterface $request, ResponseInterface $response): bool {
|
||||
|
|
@ -33,8 +37,43 @@ class CardDavValidatePlugin extends ServerPlugin {
|
|||
if ((int)$request->getRawServerValue('CONTENT_LENGTH') > $cardSizeLimit) {
|
||||
throw new Forbidden("VCard object exceeds $cardSizeLimit bytes");
|
||||
}
|
||||
|
||||
$this->validateEmail($request, $response);
|
||||
|
||||
// all tests passed return true
|
||||
return true;
|
||||
}
|
||||
|
||||
public function beforePost(RequestInterface $request, ResponseInterface $response): bool {
|
||||
$this->validateEmail($request, $response);
|
||||
return true;
|
||||
}
|
||||
|
||||
public function validateEmail(RequestInterface $request, ResponseInterface $response) {
|
||||
// Get and Parse VCard
|
||||
$cardData = $request->getBodyAsString();
|
||||
if (!$cardData) {
|
||||
return true;
|
||||
}
|
||||
|
||||
$vCard = VObject\Reader::read($cardData);
|
||||
|
||||
// Get IMailer
|
||||
$mailer = \OC::$server->get(IMailer::class);
|
||||
|
||||
// Loop through all emails, validate. If needed trim email
|
||||
foreach ($vCard->EMAIL as $email) {
|
||||
$trimedEmail = trim((string)$email);
|
||||
if ($trimedEmail !== '' && !$mailer->validateMailAddress($trimedEmail)) {
|
||||
throw new BadRequest('Invalid email in vCard');
|
||||
}
|
||||
if ($trimedEmail !== (string)$email) {
|
||||
$vCard->remove($email);
|
||||
$vCard->add('EMAIL', $trimedEmail, ['type' => $email['TYPE']]);
|
||||
}
|
||||
}
|
||||
|
||||
// Pass parsed vcard
|
||||
$request->setBody($vCard->serialize());
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ namespace OCA\DAV\Tests\unit\CardDAV\Validation;
|
|||
use OCA\DAV\CardDAV\Validation\CardDavValidatePlugin;
|
||||
use OCP\IAppConfig;
|
||||
use PHPUnit\Framework\MockObject\MockObject;
|
||||
use Sabre\DAV\Exception\BadRequest;
|
||||
use Sabre\DAV\Exception\Forbidden;
|
||||
use Sabre\HTTP\RequestInterface;
|
||||
use Sabre\HTTP\ResponseInterface;
|
||||
|
|
@ -70,4 +71,67 @@ class CardDavValidatePluginTest extends TestCase {
|
|||
|
||||
}
|
||||
|
||||
public function testPutNoEmail(): void {
|
||||
$vcard = $this->getVCardWithEmail('');
|
||||
|
||||
$this->request
|
||||
->method('getBodyAsString')
|
||||
->willReturn($vcard);
|
||||
$this->assertTrue(
|
||||
$this->plugin->beforePut($this->request, $this->response),
|
||||
);
|
||||
}
|
||||
public function testPutValidEmail(): void {
|
||||
$vcard = $this->getVCardWithEmail('example@nextcloud.com');
|
||||
|
||||
$this->request
|
||||
->method('getBodyAsString')
|
||||
->willReturn($vcard);
|
||||
$this->assertTrue(
|
||||
$this->plugin->beforePut($this->request, $this->response),
|
||||
);
|
||||
}
|
||||
public function testPutInvalidEmail(): void {
|
||||
$vcard = $this->getVCardWithEmail('example-nextcloud');
|
||||
|
||||
$this->request
|
||||
->method('getBodyAsString')
|
||||
->willReturn($vcard);
|
||||
$this->expectException(BadRequest::class);
|
||||
$this->assertTrue(
|
||||
$this->plugin->beforePut($this->request, $this->response),
|
||||
);
|
||||
}
|
||||
|
||||
public function testPutTrimmingEmail(): void {
|
||||
$vcard = $this->getVCardWithEmail(' example@nextcloud.com ');
|
||||
$vcardTrimmed = $this->getVCardWithEmail('example@nextcloud.com');
|
||||
|
||||
$this->request
|
||||
->method('getBodyAsString')
|
||||
->willReturn($vcard);
|
||||
|
||||
$this->request
|
||||
->expects($this->once())
|
||||
->method('setBody')
|
||||
->with($this->equalTo($vcardTrimmed));
|
||||
|
||||
$this->assertTrue(
|
||||
$this->plugin->beforePut($this->request, $this->response),
|
||||
);
|
||||
}
|
||||
|
||||
private function getVCardWithEmail($email) {
|
||||
return <<<EOF
|
||||
BEGIN:VCARD\r
|
||||
VERSION:4.0\r
|
||||
PRODID:-//Nextcloud Contacts v7.0.4\r
|
||||
UID:b9a0f10b-a304-4970-8a09-c62bb6a1831b\r
|
||||
FN:Test\r
|
||||
EMAIL;TYPE=HOME:$email\r
|
||||
REV;VALUE=DATE-AND-OR-TIME:20250314T200304Z\r
|
||||
END:VCARD\r\n
|
||||
EOF;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue