imip-agent

Change of imiptools/handlers/person.py

94:6b06a116e90b
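--- a/imiptools/handlers/person.py	Wed Oct 29 01:05:08 2014 +0100
+++ b/imiptools/handlers/person.py	Wed Oct 29 18:46:58 2014 +0100
@@ -18,13 +18,18 @@
 
     "Handling mechanisms specific to people."
 
-    def _record_and_deliver(self, objtype, queue=False):
+    def _record_and_deliver(self, objtype, from_organiser=True, queue=False):
 
         oa = self.require_organiser_and_attendees()
         if not oa:
             return False
 
-        (organiser, organiser_attr), attendees = oa
+        (organiser, organiser_attr), attendees = organiser_item, attendees = oa
+
+        # Validate the organiser or attendee, ignoring spoofed requests.
+
+        if not self.validate_identities(from_organiser and [organiser_item] or attendees):
+            return False
 
         # Process each attendee separately.
 
@@ -108,14 +113,14 @@
 
         "Record replies and notify the recipient."
 
-        self._record_and_deliver("VEVENT", False)
+        self._record_and_deliver("VEVENT", from_organiser=False, queue=False)
         return PersonHandler.reply(self)
 
     def request(self):
 
         "Hold requests and notify the recipient."
 
-        self._record_and_deliver("VEVENT", True)
+        self._record_and_deliver("VEVENT", from_organiser=True, queue=True)
 
         # The message is now wrapped and passed on to the recipient.
 
@@ -138,7 +143,7 @@
 
         "Record replies and notify the recipient."
 
-        self._record_and_deliver("VFREEBUSY", False)
+        self._record_and_deliver("VFREEBUSY", from_organiser=False, queue=False)
         return PersonHandler.reply(self)
 
     def request(self):
@@ -155,7 +160,12 @@
         if not oa:
             return None
 
-        (organiser, organiser_attr), attendees = oa
+        (organiser, organiser_attr), attendees = organiser_item, attendees = oa
+
+        # Validate the organiser, ignoring spoofed requests.
+
+        if not self.validate_identities([organiser_item]):
+            return None
 
         # Construct an appropriate fragment.
 
@@ -268,14 +278,14 @@
 
         "Record replies and notify the recipient."
 
-        self._record_and_deliver("VTODO", False)
+        self._record_and_deliver("VTODO", from_organiser=False, queue=False)
         return PersonHandler.reply(self)
 
     def request(self):
 
         "Hold requests and notify the recipient."
 
-        self._record_and_deliver("VTODO", True)
+        self._record_and_deliver("VTODO", from_organiser=True, queue=True)
 
         # The message is now wrapped and passed on to the recipient.
 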
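Review bot: The new check in `_record_and_deliver` tests only the truthiness of `validate_identities(...)`, so on the reply path (`from_organiser=False`) it does not show whether every attendee must validate or just one. `validate_identities` is not visible here, but if it returns the subset of identities that match the sender, a reply listing several attendees would pass with a single valid entry while the per-attendee loop that follows (outside the hunk) still iterates the full `attendees` list; binding the result and iterating only over it, or requiring all entries to validate, would close that gap. The selection `from_organiser and [organiser_item] or attendees` would read more clearly as `[organiser_item] if from_organiser else attendees`. A rejected message also returns the same `False`/`None` as a missing organiser, both here and in the hunk at -155, so a log line at each rejection point would let spoofing attempts be told apart from malformed input.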