From d08f91d1c393256e696a78aff6f272b8f6f51f81 Mon Sep 17 00:00:00 2001
From: timokoesters
Date: Wed, 13 May 2020 10:41:51 +0200
Subject: [PATCH] fix: only allow valid usernames in /register
---
 .gitignore | 2 ++
 Rocket.toml | 10 +++++-----
 src/client_server.rs | 25 ++++++++++++++-----------
 3 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/.gitignore b/.gitignore
index 53eaa21..ee48b11 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 /target
 **/*.rs.bk
+
+Rocket.toml
diff --git a/Rocket.toml b/Rocket.toml
index 4a7d79a..fb9f6d6 100644
--- a/Rocket.toml
+++ b/Rocket.toml
@@ -1,8 +1,8 @@
 [global]
-hostname = "matrixtesting.koesters.xyz:59003"
-port = 59003
+server_name = "your.server.name"
+port = 8448
 address = "0.0.0.0"
-[global.tls]
-certs = "/etc/letsencrypt/live/matrixtesting.koesters.xyz/fullchain.pem"
-key = "/etc/letsencrypt/live/matrixtesting.koesters.xyz/privkey.pem"
+#[global.tls]
+#certs = "/etc/letsencrypt/live/your.server.name/fullchain.pem"
+#key = "/etc/letsencrypt/live/your.server.name/privkey.pem"
diff --git a/src/client_server.rs b/src/client_server.rs
index d32134d..e2d4040 100644
--- a/src/client_server.rs
+++ b/src/client_server.rs
@@ -65,9 +65,12 @@ pub fn get_register_available_route(
 body: Ruma,
 ) -> MatrixResult {
 // Validate user id
- let user_id: UserId =
- match (*format!("@{}:{}", body.username.clone(), db.globals.server_name())).try_into() {
- Err(_) => {
+ let user_id =
+ match UserId::parse_with_server_name(body.username.clone(), db.globals.server_name())
+ .ok()
+ .filter(|user_id| !user_id.is_historical())
+ {
+ None => {
 debug!("Username invalid");
 return MatrixResult(Err(Error {
 kind: ErrorKind::InvalidUsername,
@@ -75,7 +78,7 @@ pub fn get_register_available_route(
 status_code: http::StatusCode::BAD_REQUEST,
 }));
 }
- Ok(user_id) => user_id,
+ Some(user_id) => user_id,
 };
 // Check if username is creative enough
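Review bot: With `[global.tls]` commented out and `address = "0.0.0.0"` left in place, the Rocket.toml template now describes a listener that serves plain HTTP on every interface, so a deployment copied from it would carry /register traffic unencrypted unless something in front terminates TLS. I would add a comment above the commented block, `# TLS is off by default: uncomment this section or put a TLS-terminating reverse proxy in front before exposing the port`, and consider `address = "127.0.0.1"` as the shipped default. Separately, the .gitignore hunk adds Rocket.toml while the file stays tracked in this same commit, so the ignore rule does not stop local edits to it from being committed; shipping the template under an example file name would make the rule effective.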
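Review bot: The new filter in get_register_available_route (@@ -65,9 +65,12 @@) rejects historical IDs but never checks which server the parsed ID belongs to. As far as I know, ruma's `UserId::parse_with_server_name` treats input that already begins with `@` as a complete user ID and parses it as given, in which case `db.globals.server_name()` is not applied and a name on a foreign server would pass validation here. Tightening the predicate along the lines of `.filter(|user_id| !user_id.is_historical() && user_id.server_name() == db.globals.server_name())` closes that gap. The same expression is repeated in the register_route hunk (@@ -112,16 +115,16 @@) and needs the same change, ideally through one shared helper so the availability check and the registration path cannot drift apart. The function body starts and ends outside the hunk.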
@@ -112,16 +115,16 @@ pub fn register_route(
 }
 // Validate user id
- let user_id: UserId = match (*format!(
- "@{}:{}",
+ let user_id = match UserId::parse_with_server_name(
 body.username
 .clone()
 .unwrap_or_else(|| utils::random_string(GUEST_NAME_LENGTH)),
- db.globals.server_name()
- ))
- .try_into()
+ db.globals.server_name(),
+ )
+ .ok()
+ .filter(|user_id| !user_id.is_historical())
 {
- Err(_) => {
+ None => {
 debug!("Username invalid");
 return MatrixResult(Err(UiaaResponse::MatrixError(Error {
 kind: ErrorKind::InvalidUsername,
@@ -129,7 +132,7 @@ pub fn register_route(
 status_code: http::StatusCode::BAD_REQUEST,
 })));
 }
- Ok(user_id) => user_id,
+ Some(user_id) => user_id,
 };
 // Check if username is creative enough
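Review bot: When `body.username` is absent in register_route, the fallback name from `utils::random_string(GUEST_NAME_LENGTH)` now passes through the same `is_historical()` filter as user-supplied names. `utils::random_string` is not visible here, but if it can emit uppercase letters (which, as I understand it, make a localpart historical), guest registration would fail with "Username invalid" for most generated names. Lowercasing the generated name, `.unwrap_or_else(|| utils::random_string(GUEST_NAME_LENGTH).to_lowercase())`, keeps the guest path working under the stricter check. register_route's body continues outside the hunk.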