Mercurial > dovecot > core-2.2
changeset 19267:af0ae8ab2be4
push-notification: Allow OX driver to use "user" from METADATA only if user_from_metadata is set.
Otherwise users could send push-notifications to each others' if
imap_metadata=yes.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Thu, 01 Oct 2015 13:45:17 +0300 |
parents | 7cbb955a3d44 |
children | 5f883bc3f380 |
files | src/plugins/push-notification/push-notification-driver-ox.c |
diffstat | 1 files changed, 9 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/src/plugins/push-notification/push-notification-driver-ox.c Thu Oct 01 12:49:25 2015 +0300 +++ b/src/plugins/push-notification/push-notification-driver-ox.c Thu Oct 01 13:45:17 2015 +0300 @@ -38,11 +38,12 @@ struct push_notification_driver_ox_config { struct http_url *http_url; const char *cached_ox_metadata; + bool use_unsafe_username; }; /* This is data specific to an OX driver transaction. */ struct push_notification_driver_ox_txn { - const char *user; + const char *unsafe_user; }; static void @@ -81,6 +82,8 @@ url, error); return -1; } + dconfig->use_unsafe_username = + hash_table_lookup(config->config, (const char *)"user_from_metadata") != NULL; push_notification_driver_debug(OX_LOG_LABEL, user, "Using URL %s", url); @@ -210,17 +213,17 @@ if (value != NULL) { key = t_strdup_until(key, value++); if (strcmp(key, "user") == 0) { - txn->user = p_strdup(dtxn->ptxn->pool, value); + txn->unsafe_user = p_strdup(dtxn->ptxn->pool, value); } } } - if (txn->user == NULL) { + if (txn->unsafe_user == NULL) { i_error(OX_LOG_LABEL "No user provided in config"); return FALSE; } - push_notification_driver_debug(OX_LOG_LABEL, user, "User (%s)", txn->user); + push_notification_driver_debug(OX_LOG_LABEL, user, "User (%s)", txn->unsafe_user); for (; *events != NULL; events++) { if (strcmp(*events, "MessageNew") == 0) { @@ -299,7 +302,8 @@ str = str_new(default_pool, 256); str_append(str, "{\"user\":\""); - json_append_escaped(str, txn->user); + json_append_escaped(str, dconfig->use_unsafe_username ? + txn->unsafe_user : user->username); str_append(str, "\",\"event\":\"messageNew\",\"folder\":\""); json_append_escaped(str, msg->mailbox); str_printfa(str, "\",\"imap-uidvalidity\":%u,\"imap-uid\":%u",