From d915f98800f1740242a56b0c29b129a686fe1c9d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 29 Aug 2021 23:26:19 +0200 Subject: mod_external_services: Validate required attributes on credentials requests --- plugins/mod_external_services.lua | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_external_services.lua b/plugins/mod_external_services.lua index 1a6c80bd..6fafdb1f 100644 --- a/plugins/mod_external_services.lua +++ b/plugins/mod_external_services.lua @@ -175,7 +175,7 @@ local function handle_credentials(event) local action = stanza.tags[1]; if origin.type ~= "c2s" then - origin.send(st.error_reply(stanza, "auth", "forbidden")); + origin.send(st.error_reply(stanza, "auth", "forbidden", "The 'port' and 'type' attributes are required.")); return true; end @@ -188,6 +188,11 @@ local function handle_credentials(event) local requested_credentials = {}; for service in action:childtags("service") do + if not service.attr.type or not service.attr.host then + origin.send(st.error_reply(stanza, "modify", "bad-request")); + return true; + end + table.insert(requested_credentials, { type = service.attr.type; host = service.attr.host; -- cgit v1.2.3