From 38b1cbd014fc101eb0245d09b5a87ea782581ed7 Mon Sep 17 00:00:00 2001 From: Jean Raby Date: Wed, 27 Jun 2012 16:06:20 +0000 Subject: [PATCH] * SoObjects/Appointments/SOGoAppointmentObject.m (PUTAction:): detect conflicting event UID and deny the request accordingly. * Tests/Integration/test-caldav-scheduling.py: new test for bug #1853 Monotone-Parent: 32e30de409bdd4e864d0c454e1939c809fb8edcd Monotone-Revision: a4ef73c2ad79c8da8d8e0c93767ab06e14bc846b Monotone-Author: jraby@inverse.ca Monotone-Date: 2012-06-27T16:06:20 --- ChangeLog | 6 ++++ .../Appointments/SOGoAppointmentObject.m | 12 +++++++- Tests/Integration/test-caldav-scheduling.py | 28 +++++++++++++++++++ 3 files changed, 45 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index bd5358d4e..d87b63f59 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2012-06-27 Jean Raby + + * SoObjects/Appointments/SOGoAppointmentObject.m + (PUTAction:): detect conflicting event UID and + deny the request accordingly. + 2012-06-21 Ludovic Marcotte * Added the SOGoSearchMinimumWordLength domain diff --git a/SoObjects/Appointments/SOGoAppointmentObject.m b/SoObjects/Appointments/SOGoAppointmentObject.m index e85bdeec0..ad50e0ddf 100644 --- a/SoObjects/Appointments/SOGoAppointmentObject.m +++ b/SoObjects/Appointments/SOGoAppointmentObject.m @@ -1756,15 +1756,25 @@ inRecurrenceExceptionsForEvent: (iCalEvent *) theEvent { iCalCalendar *calendar; SOGoUser *ownerUser; - iCalEvent *event; + iCalEvent *event, *conflictingEvent; + NSString *eventUID; BOOL scheduling; calendar = [iCalCalendar parseSingleFromSource: [rq contentAsString]]; event = [[calendar events] objectAtIndex: 0]; + eventUID = [event uid]; ownerUser = [SOGoUser userWithLogin: owner]; scheduling = [self _shouldScheduleEvent: [event organizer]]; + + // make sure eventUID doesn't conflict with an existing event - see bug #1853 + // TODO: send out a no-uid-conflict (DAV:href) xml element (rfc4791 section 5.3.2.1) + if (conflictingEvent = [container resourceNameForEventUID: eventUID]) + { + NSString *reason = [NSString stringWithFormat: @"Event UID already in use. (%s)", eventUID]; + return [NSException exceptionWithHTTPStatus:403 reason: reason]; + } // // New event and we're the organizer -- send invitation to all attendees diff --git a/Tests/Integration/test-caldav-scheduling.py b/Tests/Integration/test-caldav-scheduling.py index f864b3e1a..06b8e2991 100755 --- a/Tests/Integration/test-caldav-scheduling.py +++ b/Tests/Integration/test-caldav-scheduling.py @@ -4,6 +4,9 @@ # attendee1_delegate_username and superuser. # when writing new tests, avoid using superuser when not absolutely needed +# TODO +# - Individual tests should set the ACLs themselves on Resources tests + from config import hostname, port, username, password, \ superuser, superuser_password, \ attendee1, attendee1_username, \ @@ -791,6 +794,31 @@ class CalDAVSchedulingTest(unittest.TestCase): for attendee in org_ev.vevent.attendee_list: self.assertNotEqual(self.user_email, attendee.value) + def testEventsWithSameUID(self): + """ PUT 2 events with the same UID - bug #1853 """ + + ics_name = "test-same-uid.ics" + self.ics_list += [ics_name] + + self._deleteEvent(self.client, + "%s%s" % (self.user_calendar, ics_name), None) + + conflict_ics_name = "test-same-uid-conflict.ics" + self.ics_list += [ics_name] + + self._deleteEvent(self.client, + "%s%s" % (self.user_calendar, conflict_ics_name), None) + + # 1. create simple event + summary="same uid" + uid=summary + event = self._newEvent(summary, uid) + + self._putEvent(self.client, "%s%s" % (self.user_calendar, ics_name), event) + + # PUT the same event with a new filename - should trigger a 403 + self._putEvent(self.client, "%s%s" % (self.user_calendar, conflict_ics_name), event, exp_status=403) + def testInvitationDelegation(self): """ invitation delegation """