From d59b3392abf021d0289b5b2ea1a67bc99e8d89da Mon Sep 17 00:00:00 2001 From: Georg Ehrke Date: Sat, 21 Oct 2017 11:19:01 +0200 Subject: [PATCH] disallow users to create calendars with reserved names Signed-off-by: Georg Ehrke --- apps/dav/lib/CalDAV/CalendarHome.php | 15 ++++ .../tests/unit/CalDAV/CalendarHomeTest.php | 81 +++++++++++++++++++ 2 files changed, 96 insertions(+) create mode 100644 apps/dav/tests/unit/CalDAV/CalendarHomeTest.php diff --git a/apps/dav/lib/CalDAV/CalendarHome.php b/apps/dav/lib/CalDAV/CalendarHome.php index c1988c7493e..3e645db459f 100644 --- a/apps/dav/lib/CalDAV/CalendarHome.php +++ b/apps/dav/lib/CalDAV/CalendarHome.php @@ -32,6 +32,8 @@ use Sabre\CalDAV\Schedule\Inbox; use Sabre\CalDAV\Schedule\Outbox; use Sabre\CalDAV\Subscriptions\Subscription; use Sabre\DAV\Exception\NotFound; +use Sabre\DAV\Exception\MethodNotAllowed; +use Sabre\DAV\MkCol; class CalendarHome extends \Sabre\CalDAV\CalendarHome { @@ -54,6 +56,19 @@ class CalendarHome extends \Sabre\CalDAV\CalendarHome { return $this->caldavBackend; } + /** + * @inheritdoc + */ + function createExtendedCollection($name, MkCol $mkCol) { + $reservedNames = [BirthdayService::BIRTHDAY_CALENDAR_URI]; + + if (in_array($name, $reservedNames)) { + throw new MethodNotAllowed('The resource you tried to create has a reserved name'); + } + + parent::createExtendedCollection($name, $mkCol); + } + /** * @inheritdoc */ diff --git a/apps/dav/tests/unit/CalDAV/CalendarHomeTest.php b/apps/dav/tests/unit/CalDAV/CalendarHomeTest.php new file mode 100644 index 00000000000..a7981cfa159 --- /dev/null +++ b/apps/dav/tests/unit/CalDAV/CalendarHomeTest.php @@ -0,0 +1,81 @@ + + * + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + +namespace OCA\DAV\Tests\unit\CalDAV; + +use OCA\DAV\CalDAV\CalDavBackend; +use OCA\DAV\CalDAV\CalendarHome; +use Sabre\DAV\MkCol; +use Test\TestCase; + +class CalendarHomeTest extends TestCase { + + /** @var CalDavBackend | \PHPUnit_Framework_MockObject_MockObject */ + private $backend; + + /** @var array */ + private $principalInfo = []; + + /** @var CalendarHome */ + private $calendarHome; + + protected function setUp() { + parent::setUp(); + + $this->backend = $this->createMock(CalDavBackend::class); + $this->principalInfo = [ + 'uri' => 'user-principal-123', + ]; + + $this->calendarHome = new CalendarHome($this->backend, + $this->principalInfo); + } + + public function testCreateCalendarValidName() { + /** @var MkCol | \PHPUnit_Framework_MockObject_MockObject $mkCol */ + $mkCol = $this->createMock(MkCol::class); + + $mkCol->method('getResourceType') + ->will($this->returnValue(['{DAV:}collection', + '{urn:ietf:params:xml:ns:caldav}calendar'])); + $mkCol->method('getRemainingValues') + ->will($this->returnValue(['... properties ...'])); + + $this->backend->expects($this->once()) + ->method('createCalendar') + ->with('user-principal-123', 'name123', ['... properties ...']); + + $this->calendarHome->createExtendedCollection('name123', $mkCol); + } + + /** + * @expectedException \Sabre\DAV\Exception\MethodNotAllowed + * @expectedExceptionMessage The resource you tried to create has a reserved name + */ + public function testCreateCalendarReservedName() { + /** @var MkCol | \PHPUnit_Framework_MockObject_MockObject $mkCol */ + $mkCol = $this->createMock(MkCol::class); + + $this->calendarHome->createExtendedCollection('contact_birthdays', $mkCol); + } +}