fix(ban): Validate actor types on banning
Signed-off-by: Joas Schilling <coding@schilljs.com>
parent
12cf1bb53c
commit
41def0b6c2
6 changed files with 10 additions and 16 deletions
|
|
@ -10,7 +10,6 @@ declare(strict_types=1);
|
|||
namespace OCA\Talk\Controller;
|
||||
|
||||
use OCA\Talk\Middleware\Attribute\RequireModeratorParticipant;
|
||||
use OCA\Talk\Model\Attendee;
|
||||
use OCA\Talk\Model\Ban;
|
||||
use OCA\Talk\ResponseDefinitions;
|
||||
use OCA\Talk\Service\BanService;
|
||||
|
|
@ -38,8 +37,7 @@ class BanController extends AEnvironmentAwareController {
|
|||
*
|
||||
* Required capability: `ban-v1`
|
||||
*
|
||||
* @param 'users'|'groups'|'guests'|'circles'|'emails'|'federated_users'|'phones'|'ip' $actorType Type of actor to ban, or `ip` when banning a clients remote address
|
||||
* @psalm-param Attendee::ACTOR_*|'ip' $actorType Type of actor to ban, or `ip` when banning a clients remote address
|
||||
* @param 'users'|'guests'|'ip' $actorType Type of actor to ban, or `ip` when banning a clients remote address
|
||||
* @param string $actorId Actor ID or the IP address or range in case of type `ip`
|
||||
* @param string $internalNote Optional internal note (max. 4000 characters)
|
||||
* @return DataResponse<Http::STATUS_OK, TalkBan, array{}>|DataResponse<Http::STATUS_BAD_REQUEST, array{error: 'bannedActor'|'internalNote'|'moderator'|'self'}, array{}>
|
||||
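Review bot: The rewritten `@param` line for `$actorType` keeps the wording `a clients remote address`, which is missing the apostrophe. The same sentence appears in the generated OpenAPI and TypeScript descriptions further down the page, so the typo presumably propagates from this docblock. Since the line is being touched anyway, I would change it to `a client's remote address` and regenerate the specs. The docblock and the method it documents start and end outside this hunk.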
|
|
|
|||
|
|
@ -34,10 +34,16 @@ class BanService {
|
|||
* @throws \InvalidArgumentException
|
||||
*/
|
||||
public function createBan(Room $room, string $moderatorActorType, string $moderatorActorId, string $moderatorDisplayname, string $bannedActorType, string $bannedActorId, DateTime $bannedTime, string $internalNote): Ban {
|
||||
if (empty($bannedActorId) || empty($bannedActorType)) {
|
||||
if (!in_array($bannedActorType, ['users', 'guests', 'ip'], true)) {
|
||||
throw new \InvalidArgumentException('bannedActor');
|
||||
}
|
||||
|
||||
if (empty($bannedActorId)) {
|
||||
throw new \InvalidArgumentException('bannedActor');
|
||||
}
|
||||
|
||||
// Fix missing IP and range validation
|
||||
|
||||
if (strlen($internalNote) > Ban::NOTE_MAX_LENGTH) {
|
||||
throw new \InvalidArgumentException('internalNote');
|
||||
}
|
||||
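Review bot: For `ip` bans, `$bannedActorId` is still accepted as any non-empty string; the new allow-list closes the gap on `$bannedActorType`, but the added comment `// Fix missing IP and range validation` only marks the remaining one. As written it reads like a description of a fix rather than an open item, so I would make it `// TODO: validate $bannedActorId as an IP address or CIDR range when $bannedActorType is 'ip'` and track it, since a malformed or overly broad range stored here is presumably matched against client addresses later. Separately, `empty($bannedActorId)` also rejects the literal ID `'0'`; `$bannedActorId === ''` states the intent exactly. The body of createBan continues outside the hunk.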
|
|
|
|||
|
|
@ -1990,12 +1990,7 @@
|
|||
"type": "string",
|
||||
"enum": [
|
||||
"users",
|
||||
"groups",
|
||||
"guests",
|
||||
"circles",
|
||||
"emails",
|
||||
"federated_users",
|
||||
"phones",
|
||||
"ip"
|
||||
]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1877,12 +1877,7 @@
|
|||
"type": "string",
|
||||
"enum": [
|
||||
"users",
|
||||
"groups",
|
||||
"guests",
|
||||
"circles",
|
||||
"emails",
|
||||
"federated_users",
|
||||
"phones",
|
||||
"ip"
|
||||
]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2388,7 +2388,7 @@ export interface operations {
|
|||
parameters: {
|
||||
query: {
|
||||
/** @description Type of actor to ban, or `ip` when banning a clients remote address */
|
||||
actorType: "users" | "groups" | "guests" | "circles" | "emails" | "federated_users" | "phones" | "ip";
|
||||
actorType: "users" | "guests" | "ip";
|
||||
/** @description Actor ID or the IP address or range in case of type `ip` */
|
||||
actorId: string;
|
||||
/** @description Optional internal note (max. 4000 characters) */
|
||||
|
|
|
|||
|
|
@ -1873,7 +1873,7 @@ export interface operations {
|
|||
parameters: {
|
||||
query: {
|
||||
/** @description Type of actor to ban, or `ip` when banning a clients remote address */
|
||||
actorType: "users" | "groups" | "guests" | "circles" | "emails" | "federated_users" | "phones" | "ip";
|
||||
actorType: "users" | "guests" | "ip";
|
||||
/** @description Actor ID or the IP address or range in case of type `ip` */
|
||||
actorId: string;
|
||||
/** @description Optional internal note (max. 4000 characters) */
|
||||
|
|
|
|||