Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-05-25 01:36:31 +03:00
Code Issues Packages Projects Releases Wiki Activity

feat: do not allow non-members to modify member list

Browse Source
This commit is contained in:
link2xt
2025-01-13 22:28:16 +00:00
parent 6057b40910
commit 3e7b662796
2 changed files with 93 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
src/chat.rs
View File

@@ -7860,4 +7860,40 @@ mod tests {
Ok(()) Ok(())
} }
#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
async fn non_member_cannot_modify_member_list() -> Result<()> {
let mut tcm = TestContextManager::new();
let alice = &tcm.alice().await;
let bob = &tcm.bob().await;
let bob_addr = bob.get_config(Config::Addr).await?.unwrap();
let alice_bob_contact_id = Contact::create(alice, "Bob", &bob_addr).await?;
let alice_chat_id =
create_group_chat(alice, ProtectionStatus::Unprotected, "Group chat").await?;
add_contact_to_chat(alice, alice_chat_id, alice_bob_contact_id).await?;
let alice_sent_msg = alice
.send_text(alice_chat_id, "Hi! I created a group.")
.await;
let bob_received_msg = bob.recv_msg(&alice_sent_msg).await;
let bob_chat_id = bob_received_msg.get_chat_id();
bob_chat_id.accept(bob).await?;
let bob_fiona_contact_id = Contact::create(bob, "Fiona", "fiona@example.net").await?;
// Alice removes Bob and Bob adds Fiona at the same time.
remove_contact_from_chat(alice, alice_chat_id, alice_bob_contact_id).await?;
add_contact_to_chat(bob, bob_chat_id, bob_fiona_contact_id).await?;
let bob_sent_add_msg = bob.pop_sent_msg().await;
// Alice ignores Bob's message because Bob is not a member.
assert_eq!(get_chat_contacts(alice, alice_chat_id).await?.len(), 1);
alice.recv_msg(&bob_sent_add_msg).await;
assert_eq!(get_chat_contacts(alice, alice_chat_id).await?.len(), 1);
Ok(())
}
} }

4
src/receive_imf.rs
View File

@@ -2329,6 +2329,7 @@ async fn apply_group_changes(
let mut added_ids = HashSet::<ContactId>::new(); let mut added_ids = HashSet::<ContactId>::new();
let mut removed_ids = HashSet::<ContactId>::new(); let mut removed_ids = HashSet::<ContactId>::new();
if is_from_in_chat {
if let Some(ref chat_group_member_timestamps) = mime_parser.chat_group_member_timestamps() { if let Some(ref chat_group_member_timestamps) = mime_parser.chat_group_member_timestamps() {
send_event_chat_modified |= update_chats_contacts_timestamps( send_event_chat_modified |= update_chats_contacts_timestamps(
context, context,
@@ -2353,7 +2354,7 @@ async fn apply_group_changes(
.difference(&new_chat_contacts) .difference(&new_chat_contacts)
.copied() .copied()
.collect(); .collect();
} else if is_from_in_chat { } else {
let mut new_members = HashSet::from_iter(to_ids.iter().copied()); let mut new_members = HashSet::from_iter(to_ids.iter().copied());
new_members.insert(ContactId::SELF); new_members.insert(ContactId::SELF);
if !from_id.is_special() { if !from_id.is_special() {
@@ -2390,6 +2391,7 @@ async fn apply_group_changes(
send_event_chat_modified = true; send_event_chat_modified = true;
} }
} }
}
if let Some(added_id) = added_id { if let Some(added_id) = added_id {
added_ids.remove(&added_id); added_ids.remove(&added_id);