[WAMP] Message verification, fixes #105

Validate all messages follow WAMP protocol
2013-07-20 12:31:44 -04:00 · 2013-07-20 12:31:44 -04:00 · 9a50835637
commit 9a50835637
parent d7cbafb074
5 changed files with 44 additions and 9 deletions
--- a/src/Ratchet/Wamp/ServerProtocol.php
+++ b/src/Ratchet/Wamp/ServerProtocol.php
@ -89,6 +89,10 @@ class ServerProtocol implements MessageComponentInterface, WsServerInterface {
            throw new JsonException;
        }

+        if (!is_array($json) || $json !== array_values($json)) {
+            throw new \UnexpectedValueException("Invalid WAMP message format");
+        }
+
        switch ($json[0]) {
            case static::MSG_PREFIX:
                $from->WAMP->prefixes[$json[1]] = $json[2];
--- a/src/Ratchet/Wamp/WampConnection.php
+++ b/src/Ratchet/Wamp/WampConnection.php
@ -96,7 +96,7 @@ class WampConnection extends AbstractConnectionDecorator {
    /**
     * {@inheritdoc}
     */
-    public function close() {
-        $this->getConnection()->close();
+    public function close($opt = null) {
+        $this->getConnection()->close($opt);
    }
 }
--- a/src/Ratchet/Wamp/WampServer.php
+++ b/src/Ratchet/Wamp/WampServer.php
@ -37,7 +37,13 @@ class WampServer implements MessageComponentInterface, WsServerInterface {
     * {@inheritdoc}
     */
    public function onMessage(ConnectionInterface $conn, $msg) {
+        try {
            $this->wampProtocol->onMessage($conn, $msg);
+        } catch (JsonException $je) {
+            $conn->close(1007);
+        } catch (\UnexpectedValueException $uve) {
+            $conn->close(1007);
+        }
    }

    /**
--- a/tests/unit/Wamp/ServerProtocolTest.php
+++ b/tests/unit/Wamp/ServerProtocolTest.php
@ -247,4 +247,23 @@ class ServerProtocolTest extends \PHPUnit_Framework_TestCase {

        $this->assertContains('wamp', $wamp->getSubProtocols());
    }
+
+    public function badFormatProvider() {
+        return array(
+            array(json_encode(true))
+          , array('{"valid":"json", "invalid": "message"}')
+          , array('{"0": "fail", "hello": "world"}')
+        );
+    }
+
+    /**
+     * @dataProvider badFormatProvider
+     */
+    public function testValidJsonButInvalidProtocol($message) {
+        $this->setExpectedException('\UnexpectedValueException');
+
+        $conn = $this->newConn();
+        $this->_comp->onOpen($conn);
+        $this->_comp->onMessage($conn, $message);
+    }
 }
--- a/tests/unit/Wamp/WampServerTest.php
+++ b/tests/unit/Wamp/WampServerTest.php
@ -7,10 +7,6 @@ use Ratchet\AbstractMessageComponentTestCase;
 * @covers Ratchet\Wamp\WampServer
 */
 class WampServerTest extends AbstractMessageComponentTestCase {
-    private $serv;
-    private $mock;
-    private $conn;
-
    public function getConnectionClassString() {
        return '\Ratchet\Wamp\WampConnection';
    }
@ -41,4 +37,14 @@ class WampServerTest extends AbstractMessageComponentTestCase {
        // todo: could expand on this
        $this->assertInternalType('array', $this->_serv->getSubProtocols());
    }
+
+    public function testConnectionClosesOnInvalidJson() {
+        $this->_conn->expects($this->once())->method('close');
+        $this->_serv->onMessage($this->_conn, 'invalid json');
+    }
+
+    public function testConnectionClosesOnProtocolError() {
+        $this->_conn->expects($this->once())->method('close');
+        $this->_serv->onMessage($this->_conn, json_encode(array('valid' => 'json', 'invalid' => 'protocol')));
+    }
 }