# HG changeset patch
# User Goffi <goffi@goffi.org>
# Date 1620222079 -7200
# Node ID ab72b8ac3bd29e6bdf1c288c8b4844f96f0c0f77
# Parent  a8259a1f89b2a0e5d6223229199c67d8d1847f8f
component file sharing: forbid jingle upload by entities which are not in allowed hosts

diff -r a8259a1f89b2 -r ab72b8ac3bd2 sat/plugins/plugin_comp_file_sharing.py
--- a/sat/plugins/plugin_comp_file_sharing.py	Wed May 05 15:37:33 2021 +0200
+++ b/sat/plugins/plugin_comp_file_sharing.py	Wed May 05 15:41:19 2021 +0200
@@ -508,6 +508,9 @@
         """This trigger accept file sending request, and store file locally"""
         if not client.is_component:
             return True, None
+        # client._file_sharing_allowed_hosts is set in plugin XEP-0329
+        if peer_jid.host not in client._file_sharing_allowed_hosts:
+            raise error.StanzaError("forbidden")
         assert stream_object
         assert "stream_object" not in transfer_data
         assert C.KEY_PROGRESS_ID in file_data