Do not allow one2one calling yourself

Signed-off-by: Joas Schilling <coding@schilljs.com>

lib/Controller/RoomController.php

@@ -339,6 +339,10 @@ class RoomController extends OCSController {
 			return new DataResponse([], Http::STATUS_NOT_FOUND);
 		}
 
+		if ($this->userId === $targetUserName) {
+			return new DataResponse([], Http::STATUS_FORBIDDEN);
+		}
+
 		// If room exists: Reuse that one, otherwise create a new one.
 		try {
 			$room = $this->manager->getOne2OneRoom($this->userId, $targetUser->getUID());

tests/integration/features/bootstrap/FeatureContext.php

@@ -163,6 +163,19 @@ class FeatureContext implements Context, SnippetAcceptingContext {
 		self::$tokenToIdentifier[$response['token']] = $identifier;
 	}
 
+	/**
+	 * @Then /^user "([^"]*)" tries to create room with (\d+)$/
+	 *
+	 * @param string $user
+	 * @param int $statusCode
+	 * @param TableNode|null $formData
+	 */
+	public function userTriesToCreateRoom($user, $statusCode, TableNode $formData = null) {
+		$this->setCurrentUser($user);
+		$this->sendRequest('POST', '/apps/spreed/api/v1/room', $formData);
+		$this->assertStatusCode($this->response, $statusCode);
+	}
+
 	/**
 	 * @Then /^user "([^"]*)" joins room "([^"]*)" with (\d+)$/
 	 *

tests/integration/features/one-to-one.feature

@@ -9,6 +9,11 @@ Feature: one-to-one
     Then user "participant2" is participant of the following rooms
     Then user "participant3" is participant of the following rooms
 
+  Scenario: User1 invites user1 ... that should not work ...
+    When user "participant1" tries to create room with 403
+      | roomType | 1 |
+      | invite   | participant1 |
+
   Scenario: User1 invites user2 to a one2one room and user3 is not part of it
     When user "participant1" creates room "room1"
       | roomType | 1 |