diff options
| author | Vitor Mattos <vitor@php.rio> | 2023-01-03 12:33:36 -0300 |
|---|---|---|
| committer | Vitor Mattos <vitor@php.rio> | 2023-01-03 12:33:36 -0300 |
| commit | 555b74c733e2e67ada66407013361d521e207d37 (patch) | |
| tree | b215816a758eafb2136b1dabe55fc92dfd0c2c03 | |
| parent | 5484a27cf2b81a6e3797a5b9365f270f15ac0b33 (diff) | |
Changes after code review
Signed-off-by: Vitor Mattos <vitor@php.rio>
| -rw-r--r-- | docs/recording.md | 27 | ||||
| -rw-r--r-- | lib/Service/RecordingService.php | 12 | ||||
| -rw-r--r-- | tests/php/Service/RecordingServiceTest.php | 8 |
3 files changed, 23 insertions, 24 deletions
diff --git a/docs/recording.md b/docs/recording.md index 2b8512b9c..463e0f2c6 100644 --- a/docs/recording.md +++ b/docs/recording.md @@ -53,21 +53,22 @@ * Data: -| field | type | Description | -| ------- | ------ | ----------------------------------------------- | -| `file` | string | Blob of image in a multipart/form-data request. | -| `owner` | string | The moderator/owner of room. | +| field | type | Description | +| ------- | ------ | --------------------------------------------------------- | +| `file` | string | File with the recording in a multipart/form-data request. | +| `owner` | string | The person that started the recording. | * Response: - Status code: + `200 OK` - + `400 Bad Request` Message: `invalid_file`. File in block list or invalid. - + `400 Bad Request` Message: `empty_file`. Invalid file extension. - + `400 Bad Request` Message: `file_mimetype`. Invalid mimetype. - + `400 Bad Request` Message: `file_name`. Invalid file name. - + `400 Bad Request` Message: `file_extension`. Invalid file extension. - + `400 Bad Request` Message: `owner_participant`. Onwer need to be a participant of room. - + `400 Bad Request` Message: `owner_invalid`. Onwer invalid. - + `400 Bad Request` Message: `owner_permission`. Onwer have not permission to store record file. + + `400 Bad Request` Error: `invalid_file`: File in block list or invalid + + `400 Bad Request` Error: `empty_file`: Invalid file extension + + `400 Bad Request` Error: `file_mimetype`: Invalid mimetype + + `400 Bad Request` Error: `file_name`. :nvalid file name + + `400 Bad Request` Error: `file_extension`: Invalid file extension + + `400 Bad Request` Error: `owner_participant`: Owner is not to be a participant of room + + `400 Bad Request` Error: `owner_invalid`: Owner invalid + + `400 Bad Request` Error: `owner_permission`: Owner have not permission to store record file + `401 Unauthorized` When the validation as SIP bridge failed - + `404 Not Found` Invalid room or brute force identified. + + `404 Not Found` Room not found + + `429 Too Many Request` Brute force protection diff --git a/lib/Service/RecordingService.php b/lib/Service/RecordingService.php index f1e70fb55..026c8382c 100644 --- a/lib/Service/RecordingService.php +++ b/lib/Service/RecordingService.php @@ -26,7 +26,6 @@ declare(strict_types=1); namespace OCA\Talk\Service; use InvalidArgumentException; -use OC\Files\Filesystem; use OC\User\NoUserException; use OCA\Talk\Config; use OCA\Talk\Exceptions\ParticipantNotFoundException; @@ -63,8 +62,8 @@ class RecordingService { public function store(Room $room, string $owner, array $file): void { $content = $this->getContentFromFileArray($file); - $recordFileName = $this->sanitizeFileName($file['name']); - $this->validateFileFormat($recordFileName, $content); + $this->validateFileName($file['name']); + $this->validateFileFormat($file['name'], $content); try { $this->participantService->getParticipant($room, $owner); @@ -74,7 +73,7 @@ class RecordingService { try { $recordingFolder = $this->getRecordingFolder($owner, $room->getToken()); - $recordingFolder->newFile($recordFileName, $content); + $recordingFolder->newFile($file['name'], $content); } catch (NoUserException $e) { throw new InvalidArgumentException('owner_invalid'); } catch (NotPermittedException $e) { @@ -85,8 +84,7 @@ class RecordingService { public function getContentFromFileArray(array $file): string { if ( $file['error'] !== 0 || - !is_uploaded_file($file['tmp_name']) || - Filesystem::isFileBlacklisted($file['tmp_name']) + !is_uploaded_file($file['tmp_name']) ) { throw new InvalidArgumentException('invalid_file'); } @@ -113,7 +111,7 @@ class RecordingService { } } - public function sanitizeFileName(string $fileName): string { + public function validateFileName(string $fileName): string { $recordFileName = escapeshellcmd($fileName); $recordFileName = pathinfo($recordFileName, PATHINFO_BASENAME); if ($recordFileName !== $fileName) { diff --git a/tests/php/Service/RecordingServiceTest.php b/tests/php/Service/RecordingServiceTest.php index b259f579c..8b3f9daaf 100644 --- a/tests/php/Service/RecordingServiceTest.php +++ b/tests/php/Service/RecordingServiceTest.php @@ -72,17 +72,17 @@ class RecordingServiceTest extends TestCase { } /** - * @dataProvider dataSanitizeFileName + * @dataProvider dataValidateFileName */ - public function testSanitizeFileName(string $name, string $expected, string $exceptionMessage): void { + public function testValidateFileName(string $name, string $expected, string $exceptionMessage): void { if ($exceptionMessage) { $this->expectExceptionMessage($exceptionMessage); } - $actual = $this->recordingService->sanitizeFileName($name); + $actual = $this->recordingService->validateFileName($name); $this->assertEquals($expected, $actual); } - public function dataSanitizeFileName(): array { + public function dataValidateFileName(): array { return [ ['a/b', '', 'file_name'], ['a`b', '', 'file_name'], |