From 0e3d9af2b1742c5b7d7eb66f117562eba7c94d87 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Tue, 9 Jan 2024 10:02:43 +0100
Subject: [PATCH] fix(bots): Don't allow empty messages from bots

Signed-off-by: Joas Schilling
---
 docs/bots.md | 2 +-
 lib/Controller/BotController.php | 6 +++++-
 openapi.json | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/docs/bots.md b/docs/bots.md
index a4705e01b1d..11ae66c25e6 100644
--- a/docs/bots.md
+++ b/docs/bots.md
@@ -106,7 +106,7 @@ Bots can also send message. On the sending process the same signature/verificati
 * Response:
 - Status code:
 + `201 Created` When the message was posted successfully
- + `400 Bad Request` When the provided replyTo parameter is invalid
+ + `400 Bad Request` When the provided replyTo parameter is invalid or the message is empty
 + `401 Unauthenticated` When the bot could not be verified for the conversation
 + `404 Not Found` When the conversation could not be found
 + `413 Payload Too Large` When the message was longer than the allowed limit of 32000 characters (or 1000 until Nextcloud 16.0.1, check the `spreed => config => chat => max-length` capability for the limit)
diff --git a/lib/Controller/BotController.php b/lib/Controller/BotController.php
index 9f17ce35a2b..356cb2cf765 100644
--- a/lib/Controller/BotController.php
+++ b/lib/Controller/BotController.php
@@ -134,7 +134,7 @@ protected function getBotFromHeaders(string $token, string $message): Bot {
 * @return DataResponse, array{}>
 *
 * 201: Message sent successfully
- * 400: Sending message is not possible
+ * 400: When the replyTo is invalid or message is empty
 * 401: Sending message is not allowed
 * 404: Room or session not found
 * 413: Message too long
@@ -142,6 +142,10 @@ protected function getBotFromHeaders(string $token, string $message): Bot {
 #[BruteForceProtection(action: 'bot')]
 #[PublicPage]
 public function sendMessage(string $token, string $message, string $referenceId = '', int $replyTo = 0, bool $silent = false): DataResponse {
+ if (trim($message) === '') {
+ return new DataResponse([], Http::STATUS_BAD_REQUEST);
+ }
+
 try {
 $bot = $this->getBotFromHeaders($token, $message);
 } catch (\InvalidArgumentException $e) {
diff --git a/openapi.json b/openapi.json
index 40ba28b1ab0..4b3782e3a11 100644
--- a/openapi.json
+++ b/openapi.json
@@ -1810,7 +1810,7 @@
 }
 },
 "400": {
- "description": "Sending message is not possible",
+ "description": "When the replyTo is invalid or message is empty",
 "content": {
 "application/json": {
 "schema": {
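Review bot: The new guard at the top of sendMessage() in lib/Controller/BotController.php tests `trim($message) === ''`, and trim() strips only ASCII whitespace and NUL, so a message consisting solely of non-breaking or zero-width spaces still passes and would be posted as a visually empty message unless a later layer rejects it. A Unicode-aware check such as `if (preg_match('/^[\s\p{Z}\p{Cf}]*$/u', $message) === 1) {` would cover those inputs as well. The guard also returns before getBotFromHeaders() verifies the bot, and the 400 response is not marked as throttled; that looks harmless because nothing is posted, but a short comment such as `// Rejected before bot verification on purpose: no signature is checked for an empty body` would make the ordering explicit. The commit adds no test for the new 400 path, and sendMessage's body continues outside the hunk, so the rest of the flow is not visible here.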