Merge pull request 'fix: only allow valid usernames in /register' (#14) from fix-register into master

2020-05-13 18:00:18 +02:00 · 2020-05-13 18:00:18 +02:00 · 86e20e6401
commit 86e20e6401
parent 00a9424719 d08f91d1c3
3 changed files with 21 additions and 16 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,4 @@
 /target
 **/*.rs.bk
+
+Rocket.toml
--- a/Rocket.toml
+++ b/Rocket.toml
@ -1,8 +1,8 @@
 [global]
-hostname = "matrixtesting.koesters.xyz:59003"
-port = 59003
+server_name = "your.server.name"
+port = 8448
 address = "0.0.0.0"

-[global.tls]
-certs = "/etc/letsencrypt/live/matrixtesting.koesters.xyz/fullchain.pem"
-key = "/etc/letsencrypt/live/matrixtesting.koesters.xyz/privkey.pem"
+#[global.tls]
+#certs = "/etc/letsencrypt/live/your.server.name/fullchain.pem"
+#key = "/etc/letsencrypt/live/your.server.name/privkey.pem"
--- a/src/client_server.rs
+++ b/src/client_server.rs
@ -65,9 +65,12 @@ pub fn get_register_available_route(
    body: Ruma<get_username_availability::Request>,
 ) -> MatrixResult<get_username_availability::Response> {
    // Validate user id
-    let user_id: UserId =
-        match (*format!("@{}:{}", body.username.clone(), db.globals.server_name())).try_into() {
-            Err(_) => {
+    let user_id =
+        match UserId::parse_with_server_name(body.username.clone(), db.globals.server_name())
+            .ok()
+            .filter(|user_id| !user_id.is_historical())
+        {
+            None => {
                debug!("Username invalid");
                return MatrixResult(Err(Error {
                    kind: ErrorKind::InvalidUsername,
@ -75,7 +78,7 @@ pub fn get_register_available_route(
                    status_code: http::StatusCode::BAD_REQUEST,
                }));
            }
-            Ok(user_id) => user_id,
+            Some(user_id) => user_id,
        };

    // Check if username is creative enough
@ -112,16 +115,16 @@ pub fn register_route(
    }

    // Validate user id
-    let user_id: UserId = match (*format!(
-        "@{}:{}",
+    let user_id = match UserId::parse_with_server_name(
        body.username
            .clone()
            .unwrap_or_else(|| utils::random_string(GUEST_NAME_LENGTH)),
-        db.globals.server_name()
-    ))
-    .try_into()
+        db.globals.server_name(),
+    )
+    .ok()
+    .filter(|user_id| !user_id.is_historical())
    {
-        Err(_) => {
+        None => {
            debug!("Username invalid");
            return MatrixResult(Err(UiaaResponse::MatrixError(Error {
                kind: ErrorKind::InvalidUsername,
@ -129,7 +132,7 @@ pub fn register_route(
                status_code: http::StatusCode::BAD_REQUEST,
            })));
        }
-        Ok(user_id) => user_id,
+        Some(user_id) => user_id,
    };

    // Check if username is creative enough