dovecot-2.2: push-notification: Allow OX driver to use "user" fr...

dovecot at dovecot.org dovecot at dovecot.org
Thu Oct 1 10:49:55 UTC 2015 

details:   http://hg.dovecot.org/dovecot-2.2/rev/af0ae8ab2be4
changeset: 19267:af0ae8ab2be4
user:      Timo Sirainen <tss at iki.fi>
date:      Thu Oct 01 13:45:17 2015 +0300
description:
push-notification: Allow OX driver to use "user" from METADATA only if user_from_metadata is set.
Otherwise users could send push-notifications to each others' if
imap_metadata=yes.

diffstat:

 src/plugins/push-notification/push-notification-driver-ox.c |  14 ++++++++----
 1 files changed, 9 insertions(+), 5 deletions(-)

diffs (57 lines):

diff -r 7cbb955a3d44 -r af0ae8ab2be4 src/plugins/push-notification/push-notification-driver-ox.c
--- a/src/plugins/push-notification/push-notification-driver-ox.c	Thu Oct 01 12:49:25 2015 +0300
+++ b/src/plugins/push-notification/push-notification-driver-ox.c	Thu Oct 01 13:45:17 2015 +0300
@@ -38,11 +38,12 @@
 struct push_notification_driver_ox_config {
     struct http_url *http_url;
     const char *cached_ox_metadata;
+    bool use_unsafe_username;
 };
 
 /* This is data specific to an OX driver transaction. */
 struct push_notification_driver_ox_txn {
-    const char *user;
+    const char *unsafe_user;
 };
 
 static void
@@ -81,6 +82,8 @@
                                    url, error);
         return -1;
     }
+    dconfig->use_unsafe_username =
+        hash_table_lookup(config->config, (const char *)"user_from_metadata") != NULL;
 
     push_notification_driver_debug(OX_LOG_LABEL, user, "Using URL %s", url);
 
@@ -210,17 +213,17 @@
         if (value != NULL) {
             key = t_strdup_until(key, value++);
             if (strcmp(key, "user") == 0) {
-                txn->user = p_strdup(dtxn->ptxn->pool, value);
+                txn->unsafe_user = p_strdup(dtxn->ptxn->pool, value);
             }
         }
     }
 
-    if (txn->user == NULL) {
+    if (txn->unsafe_user == NULL) {
         i_error(OX_LOG_LABEL "No user provided in config");
         return FALSE;
     }
 
-    push_notification_driver_debug(OX_LOG_LABEL, user, "User (%s)", txn->user);
+    push_notification_driver_debug(OX_LOG_LABEL, user, "User (%s)", txn->unsafe_user);
 
     for (; *events != NULL; events++) {
         if (strcmp(*events, "MessageNew") == 0) {
@@ -299,7 +302,8 @@
 
     str = str_new(default_pool, 256);
     str_append(str, "{\"user\":\"");
-    json_append_escaped(str, txn->user);
+    json_append_escaped(str, dconfig->use_unsafe_username ?
+                        txn->unsafe_user : user->username);
     str_append(str, "\",\"event\":\"messageNew\",\"folder\":\"");
     json_append_escaped(str, msg->mailbox);
     str_printfa(str, "\",\"imap-uidvalidity\":%u,\"imap-uid\":%u",

More information about the dovecot-cvs mailing list