From 166bd07fd9d963309432e8ae6e0599c2f144bb9f Mon Sep 17 00:00:00 2001 From: levlam Date: Mon, 16 Apr 2018 17:30:37 +0300 Subject: [PATCH] Add more checks for Passport field values. Allow empty expiry_date. GitOrigin-RevId: f3119c59c0ba85dbfe4ac1371bfd20fcbaab2ab6 --- td/generate/scheme/td_api.tl | 6 +++--- td/telegram/DeviceTokenManager.cpp | 2 +- td/telegram/SecureValue.cpp | 29 ++++++++++++++++++++++++++++- 3 files changed, 32 insertions(+), 5 deletions(-) diff --git a/td/generate/scheme/td_api.tl b/td/generate/scheme/td_api.tl index 3c0860d6..24311fd9 100644 --- a/td/generate/scheme/td_api.tl +++ b/td/generate/scheme/td_api.tl @@ -835,14 +835,14 @@ passportDataTypeEmailAddress = PassportDataType; //@description Represents a date according to Gregorian calendar @day A day of a month, 1-31 @month A month, 1-12 @year A year, 1-9999 date day:int32 month:int32 year:int32 = Date; -//@description Contains user's personal details @first_name First name of the user @last_name Last name of the user @birthdate Birthdate of the user +//@description Contains user's personal details @first_name First name of the user; 1-255 characters @last_name Last name of the user; 1-255 characters @birthdate Birthdate of the user //@gender Gender of the user, "male" or "female" @country_code A two-letter ISO 3166-1 alpha-2 country code for the user's country personalDetails first_name:string last_name:string birthdate:date gender:string country_code:string = PersonalDetails; -//@description An identity document @number Document's number @expiry_date Document's expiry date @files List of files with the document images @selfie Selfie with the document; may be null +//@description An identity document @number Document's number; 1-24 characters @expiry_date Document's expiry date; may be null @files List of files with the document images @selfie Selfie with the document; may be null identityDocument number:string expiry_date:date files:vector selfie:file = IdentityDocument; -//@description An identity document to save @number Document's number @expiry_date Document's expiry date @files List of files with the document images @selfie Selfie with the document, if available +//@description An identity document to save @number Document's number @expiry_date Document's expiry date, if available @files List of files with the document images @selfie Selfie with the document, if available inputIdentityDocument number:string expiry_date:date files:vector selfie:InputFile = InputIdentityDocument; diff --git a/td/telegram/DeviceTokenManager.cpp b/td/telegram/DeviceTokenManager.cpp index 8e658b57..dd6fee1e 100644 --- a/td/telegram/DeviceTokenManager.cpp +++ b/td/telegram/DeviceTokenManager.cpp @@ -59,7 +59,7 @@ void DeviceTokenManager::TokenInfo::parse(ParserT &parser) { PARSE_FLAG(is_unregister); PARSE_FLAG(is_register); PARSE_FLAG(is_app_sandbox); - END_PARSE_FLAGS(); + // END_PARSE_FLAGS(); CHECK(is_sync + is_unregister + is_register == 1); if (is_sync) { state = State::Sync; diff --git a/td/telegram/SecureValue.cpp b/td/telegram/SecureValue.cpp index 2c8a4046..5a23c999 100644 --- a/td/telegram/SecureValue.cpp +++ b/td/telegram/SecureValue.cpp @@ -422,7 +422,7 @@ static Status check_date(int32 day, int32 month, int32 year) { static Result get_date(td_api::object_ptr &&date) { if (date == nullptr) { - return Status::Error(400, "Date must not be empty"); + return string(); } TRY_STATUS(check_date(date->day_, date->month_, date->year_)); @@ -431,6 +431,9 @@ static Result get_date(td_api::object_ptr &&date) { } static Result> get_date_object(Slice date) { + if (date.empty()) { + return nullptr; + } if (date.size() != 10u) { return Status::Error(400, "Date has wrong size"); } @@ -450,6 +453,12 @@ static Status check_first_name(string &first_name) { if (!clean_input_string(first_name)) { return Status::Error(400, "First name must be encoded in UTF-8"); } + if (first_name.empty()) { + return Status::Error(400, "First name must not be empty"); + } + if (utf8_length(first_name) > 255) { + return Status::Error(400, "First name is too long"); + } return Status::OK(); } @@ -457,6 +466,12 @@ static Status check_last_name(string &last_name) { if (!clean_input_string(last_name)) { return Status::Error(400, "Last name must be encoded in UTF-8"); } + if (last_name.empty()) { + return Status::Error(400, "Last name must not be empty"); + } + if (utf8_length(last_name) > 255) { + return Status::Error(400, "Last name is too long"); + } return Status::OK(); } @@ -474,6 +489,9 @@ static Result get_personal_details(td_api::object_ptrfirst_name_)); TRY_STATUS(check_last_name(personal_details->last_name_)); TRY_RESULT(birthdate, get_date(std::move(personal_details->birthdate_))); + if (birthdate.empty()) { + return Status::Error(400, "Birthdate must not be empty"); + } TRY_STATUS(check_gender(personal_details->gender_)); TRY_STATUS(check_country_code(personal_details->country_code_)); @@ -502,6 +520,9 @@ static Result> get_personal_details_ TRY_RESULT(first_name, get_json_object_string_field(object, "first_name", true)); TRY_RESULT(last_name, get_json_object_string_field(object, "last_name", true)); TRY_RESULT(birthdate, get_json_object_string_field(object, "birth_date", true)); + if (birthdate.empty()) { + return Status::Error(400, "Birthdate must not be empty"); + } TRY_RESULT(gender, get_json_object_string_field(object, "gender", true)); TRY_RESULT(country_code, get_json_object_string_field(object, "country_code", true)); @@ -519,6 +540,12 @@ static Status check_document_number(string &number) { if (!clean_input_string(number)) { return Status::Error(400, "Document number must be encoded in UTF-8"); } + if (number.empty()) { + return Status::Error(400, "Document number must not be empty"); + } + if (utf8_length(number) > 24) { + return Status::Error(400, "Document number is too long"); + } return Status::OK(); }