From 7fa8a9737184c8c2561e85bec28ba7fa645d1cc2 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Tue, 13 Feb 2018 18:20:57 +0100
Subject: [PATCH] Do not allow one2one calling yourself
Signed-off-by: Joas Schilling
---
 lib/Controller/RoomController.php | 4 ++++
 .../features/bootstrap/FeatureContext.php | 13 +++++++++++++
 tests/integration/features/one-to-one.feature | 5 +++++
 3 files changed, 22 insertions(+)
diff --git a/lib/Controller/RoomController.php b/lib/Controller/RoomController.php
index 0977daddb..7bb6f1950 100644
--- a/lib/Controller/RoomController.php
+++ b/lib/Controller/RoomController.php
@@ -339,6 +339,10 @@ class RoomController extends OCSController {
 return new DataResponse([], Http::STATUS_NOT_FOUND);
 }
+ if ($this->userId === $targetUserName) {
+ return new DataResponse([], Http::STATUS_FORBIDDEN);
+ }
+
 // If room exists: Reuse that one, otherwise create a new one.
 try {
 $room = $this->manager->getOne2OneRoom($this->userId, $targetUser->getUID());
diff --git a/tests/integration/features/bootstrap/FeatureContext.php b/tests/integration/features/bootstrap/FeatureContext.php
index 9efb77ead..463121b23 100644
--- a/tests/integration/features/bootstrap/FeatureContext.php
+++ b/tests/integration/features/bootstrap/FeatureContext.php
@@ -163,6 +163,19 @@ class FeatureContext implements Context, SnippetAcceptingContext {
 self::$tokenToIdentifier[$response['token']] = $identifier;
 }
+ /**
+ * @Then /^user "([^"]*)" tries to create room with (\d+)$/
+ *
+ * @param string $user
+ * @param int $statusCode
+ * @param TableNode|null $formData
+ */
+ public function userTriesToCreateRoom($user, $statusCode, TableNode $formData = null) {
+ $this->setCurrentUser($user);
+ $this->sendRequest('POST', '/apps/spreed/api/v1/room', $formData);
+ $this->assertStatusCode($this->response, $statusCode);
+ }
+
 /** + * @Then /^user "([^"]*)" joins room "([^"]*)" with (\d+)$/ + *
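Review bot: The self-call guard inserted before the `// If room exists` comment compares `$this->userId` with the raw request value `$targetUserName`, while the room lookup two lines below uses the resolved `$targetUser->getUID()`; if the user manager resolves names case-insensitively or through an alias-capable backend, a differently spelled name for the caller's own account passes this check and still reaches `getOne2OneRoom` with both sides equal. Comparing against the resolved identity closes that gap: `if ($this->userId === $targetUser->getUID()) {`. Separately, `Http::STATUS_FORBIDDEN` reads as a permission problem, whereas inviting yourself is a malformed request; `Http::STATUS_BAD_REQUEST` would describe it more precisely, if the API's error conventions allow it. The enclosing controller method starts and ends outside this hunk.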
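Review bot: The new `userTriesToCreateRoom` step documents `@param int $statusCode`, but the `(\d+)` capture from the step regex reaches the method as a string and the parameters carry no native types, so the docblock and the runtime value disagree. Declaring `public function userTriesToCreateRoom(string $user, int $statusCode, TableNode $formData = null) {` makes the contract explicit and, assuming the file does not declare `strict_types`, coerces `"403"` to `403` before it reaches `assertStatusCode`; whether that helper already casts on its own is not visible in this hunk. A one-line description above the `@Then` line, such as `Sends a room-creation request as the given user and asserts only the response status.`, would also tell readers how this step differs from the neighbouring room-creation step that records the token.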
diff --git a/tests/integration/features/one-to-one.feature b/tests/integration/features/one-to-one.feature
index a2a95d487..781e95ec3 100644
--- a/tests/integration/features/one-to-one.feature
+++ b/tests/integration/features/one-to-one.feature
@@ -9,6 +9,11 @@ Feature: one-to-one
 Then user "participant2" is participant of the following rooms
 Then user "participant3" is participant of the following rooms
+ Scenario: User1 invites user1 ... that should not work ...
+ When user "participant1" tries to create room with 403
+ | roomType | 1 |
+ | invite | participant1 |
+
 Scenario: User1 invites user2 to a one2one room and user3 is not part of it
 When user "participant1" creates room "room1"
 | roomType | 1 |
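Review bot: The new scenario only checks the 403 response and never verifies that the rejected request left no room behind, which is the property the controller change is meant to guarantee. The step `Then user "participant1" is participant of the following rooms`, which appears without a table in the surrounding context and presumably asserts an empty room list, added after the `tries to create room with 403` step would pin that down. The title `User1 invites user1 ... that should not work ...` could also be stated as the expected behaviour, e.g. `Scenario: User1 cannot create a one2one room with themselves`.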