feat: Verify the rayo JvbRoomName header if it exists. #1166
Conversation
| @@ -82,6 +78,17 @@ class JigasiIqHandler( | |||
| } | |||
| } | |||
|
|
|||
| val roomNameHeader = request.iq.getHeader("JvbRoomName") | |||
There was a problem hiding this comment.
Does this search the whole structure of the stanza? Cause the dial-iq is like:
<iq to = '[email protected]/focus' type = 'set' xml:lang = 'en'
id = ''
from = '[email protected]/36ff70d6'>
<dial to = 'jitsi_meet_transcribe' xmlns = 'urn:xmpp:rayo:1' from = 'fromnumber'>
<header value = '[email protected]' name = 'JvbRoomName' />
</dial>
</iq>
There was a problem hiding this comment.
I think so, this is the getHeader from RayoIq
https://github.com/jitsi/jitsi-xmpp-extensions/blob/3816e5a154160056290c2a2fbff1ab63cbac95e0/src/main/java/org/jitsi/xmpp/extensions/rayo/RayoIq.java#L55
There was a problem hiding this comment.
But that gets all direct child extensions and the only child of the IQ is a dial extension. The header is the child of the dial extension.
There was a problem hiding this comment.
Oh this method gets the DialIq request: IqRequest<DialIq>. Sorry for the noise.
There was a problem hiding this comment.
I think this test verifies it works as expected?
https://github.com/jitsi/jitsi-xmpp-extensions/blob/3816e5a154160056290c2a2fbff1ab63cbac95e0/src/test/java/org/jitsi/xmpp/extensions/rayo/DialIqProviderTest.java#L138
Note it's just a precaution, prosody already verifies it.