char/conduit
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

fix: only allow valid usernames in /register

Browse source
This commit is contained in:
timokoesters 2020-05-13 10:41:51 +02:00
parent 00a9424719
commit d08f91d1c3
No known key found for this signature in database
GPG key ID: 24DA7517711A2BA4
3 changed files with 21 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,2 +1,4 @@
/target /target
**/*.rs.bk **/*.rs.bk
Rocket.toml

10
Rocket.toml
View file

@ -1,8 +1,8 @@
[global] [global]
hostname = "matrixtesting.koesters.xyz:59003" server_name = "your.server.name"
port = 59003 port = 8448
address = "0.0.0.0" address = "0.0.0.0"
[global.tls] #[global.tls]
certs = "/etc/letsencrypt/live/matrixtesting.koesters.xyz/fullchain.pem" #certs = "/etc/letsencrypt/live/your.server.name/fullchain.pem"
key = "/etc/letsencrypt/live/matrixtesting.koesters.xyz/privkey.pem" #key = "/etc/letsencrypt/live/your.server.name/privkey.pem"

25
src/client_server.rs
View file

@ -65,9 +65,12 @@ pub fn get_register_available_route(
body: Ruma<get_username_availability::Request>, body: Ruma<get_username_availability::Request>,
) -> MatrixResult<get_username_availability::Response> { ) -> MatrixResult<get_username_availability::Response> {
// Validate user id // Validate user id
let user_id: UserId = let user_id =
match (*format!("@{}:{}", body.username.clone(), db.globals.server_name())).try_into() { match UserId::parse_with_server_name(body.username.clone(), db.globals.server_name())
Err(_) => { .ok()
.filter(|user_id| !user_id.is_historical())
{
None => {
debug!("Username invalid"); debug!("Username invalid");
return MatrixResult(Err(Error { return MatrixResult(Err(Error {
kind: ErrorKind::InvalidUsername, kind: ErrorKind::InvalidUsername,
@ -75,7 +78,7 @@ pub fn get_register_available_route(
status_code: http::StatusCode::BAD_REQUEST, status_code: http::StatusCode::BAD_REQUEST,
})); }));
} }
Ok(user_id) => user_id, Some(user_id) => user_id,
}; };
// Check if username is creative enough // Check if username is creative enough
@ -112,16 +115,16 @@ pub fn register_route(
} }
// Validate user id // Validate user id
let user_id: UserId = match (*format!( let user_id = match UserId::parse_with_server_name(
"@{}:{}",
body.username body.username
.clone() .clone()
.unwrap_or_else(|| utils::random_string(GUEST_NAME_LENGTH)), .unwrap_or_else(|| utils::random_string(GUEST_NAME_LENGTH)),
db.globals.server_name() db.globals.server_name(),
)) )
.try_into() .ok()
.filter(|user_id| !user_id.is_historical())
{ {
Err(_) => { None => {
debug!("Username invalid"); debug!("Username invalid");
return MatrixResult(Err(UiaaResponse::MatrixError(Error { return MatrixResult(Err(UiaaResponse::MatrixError(Error {
kind: ErrorKind::InvalidUsername, kind: ErrorKind::InvalidUsername,
@ -129,7 +132,7 @@ pub fn register_route(
status_code: http::StatusCode::BAD_REQUEST, status_code: http::StatusCode::BAD_REQUEST,
}))); })));
} }
Ok(user_id) => user_id, Some(user_id) => user_id,
}; };
// Check if username is creative enough // Check if username is creative enough