fix(bots): Don't allow empty messages from bots
Signed-off-by: Joas Schilling <coding@schilljs.com>
nickvergessen committed Jan 9, 2024
1 parent b71960e commit 0e3d9af
Showing 3 changed files with 7 additions and 3 deletions.
2 changes: 1 addition & 1 deletion docs/bots.md
Expand Up @@ -106,7 +106,7 @@ Bots can also send message. On the sending process the same signature/verificati
* Response:
- Status code:
+ `201 Created` When the message was posted successfully
+ `400 Bad Request` When the provided replyTo parameter is invalid
+ `400 Bad Request` When the provided replyTo parameter is invalid or the message is empty
+ `401 Unauthenticated` When the bot could not be verified for the conversation
+ `404 Not Found` When the conversation could not be found
+ `413 Payload Too Large` When the message was longer than the allowed limit of 32000 characters (or 1000 until Nextcloud 16.0.1, check the `spreed => config => chat => max-length` capability for the limit)
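Review bot: The updated `400 Bad Request` entry folds two unrelated conditions into one line and does not say that a whitespace-only message also counts as empty, which is what the `trim($message) === ''` check in lib/Controller/BotController.php enforces. Suggest keeping the replyTo entry as it was and adding a separate `400 Bad Request` entry along the lines of "When the message is empty or contains only whitespace", so bot authors can tell the two causes apart.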
6 changes: 5 additions & 1 deletion lib/Controller/BotController.php
Expand Up @@ -134,14 +134,18 @@ protected function getBotFromHeaders(string $token, string $message): Bot {
* @return DataResponse<Http::STATUS_CREATED|Http::STATUS_BAD_REQUEST|Http::STATUS_UNAUTHORIZED|Http::STATUS_REQUEST_ENTITY_TOO_LARGE, array<empty>, array{}>
*
* 201: Message sent successfully
* 400: Sending message is not possible
* 400: When the replyTo is invalid or message is empty
* 401: Sending message is not allowed
* 404: Room or session not found
* 413: Message too long
*/
#[BruteForceProtection(action: 'bot')]
#[PublicPage]
public function sendMessage(string $token, string $message, string $referenceId = '', int $replyTo = 0, bool $silent = false): DataResponse {
if (trim($message) === '') {
return new DataResponse([], Http::STATUS_BAD_REQUEST);
}

try {
$bot = $this->getBotFromHeaders($token, $message);
} catch (\InvalidArgumentException $e) {
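Review bot: The new `trim($message) === ''` check at the top of sendMessage() returns 400 before `getBotFromHeaders($token, $message)` runs, so a caller that has not been verified as a bot now gets 400 rather than 401 for an empty message. If that ordering is deliberate, a one-line comment saying so would help; otherwise move the check after the verification so unverified callers get the same answer whatever the body contains. Two smaller points: trim() without a second argument strips only ASCII whitespace and NUL, so a message made up of other Unicode whitespace still passes this check, and none of the 3 changed files adds a test for the new 400 path.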
2 changes: 1 addition & 1 deletion openapi.json
Expand Up @@ -1810,7 +1810,7 @@
}
},
"400": {
"description": "Sending message is not possible",
"description": "When the replyTo is invalid or message is empty",
"content": {
"application/json": {
"schema": {
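Review bot: The new "400" description is a fragment that opens with "When" and drops the article before "message", whereas the string it replaces was a plain statement. Suggest "replyTo is invalid or the message is empty", with the same wording applied to the 400 line in the BotController.php docblock, which carries identical text, so the two stay in sync.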