diff sat_pubsub/privilege.py @ 470:a549c8e17827

privilege: don't try to get roster if the request is for a jid not belonging to our server
author Goffi <goffi@goffi.org>
date Thu, 21 Oct 2021 17:24:25 +0200
parents d86e0f8a1405
children ed9e12701e0f
--- a/sat_pubsub/privilege.py	Fri Oct 15 18:10:11 2021 +0200
+++ b/sat_pubsub/privilege.py	Thu Oct 21 17:24:25 2021 +0200
@@ -242,6 +242,9 @@
         @param to_jid: jid of the entity owning the roster
         @return: roster data
         """
+        if jid.JID(to_jid.host) != self.backend.server_jid:
+            # no need to try to get the roster if it's not a user of our own server
+            return None
         if self._permissions[PERM_ROSTER] not in ('get', 'both'):
             log.msg("WARNING: permission not allowed to get roster")
             raise failure.Failure(NotAllowedError('roster get is not allowed'))
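Review bot: The early `return None` added above the permission check gives this method a second result that the docstring still describes only as `@return: roster data`. Any caller that uses the roster for an access decision must treat `None` as "no roster, deny" and not as an empty or unrestricted result. I would document this as `@return: roster data, or None if to_jid is not hosted on our server`, and check that the callers fail closed. The method starts and ends outside this hunk, so I cannot tell whether the remaining path returns a Deferred; if it does, a bare `None` will break callers that chain `.addCallback`, and `defer.succeed(None)` would be the safer form.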