changeset 4665:f0ffa8cf3ce6

mod_external_services: Validate required attributes on credentials requests
author Kim Alvefur <zash@zash.se>
date Sun, 29 Aug 2021 23:26:19 +0200
parents 524a9103fb45
children dbc7ba3cc27c
files mod_external_services/mod_external_services.lua
diffstat 1 files changed, 6 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mod_external_services/mod_external_services.lua	Wed Sep 01 22:41:27 2021 +0100
+++ b/mod_external_services/mod_external_services.lua	Sun Aug 29 23:26:19 2021 +0200
@@ -168,7 +168,7 @@
 	local action = stanza.tags[1];
 
 	if origin.type ~= "c2s" then
-		origin.send(st.error_reply(stanza, "auth", "forbidden"));
+		origin.send(st.error_reply(stanza, "auth", "forbidden", "The 'port' and 'type' attributes are required."));
 		return true;
 	end
 
@@ -181,6 +181,11 @@
 
 	local requested_credentials = {};
 	for service in action:childtags("service") do
+		if not service.attr.type or not service.attr.host then
+			origin.send(st.error_reply(stanza, "modify", "bad-request"));
+			return true;
+		end
+
 		table.insert(requested_credentials, {
 				type = service.attr.type;
 				host = service.attr.host;