mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2025-01-27 18:46:59 -05:00
Limit UserIds to a length that fits in a state key (#5198)
This commit is contained in:
parent
291e1eea5e
commit
3787133c9e
1
changelog.d/5198.bugfix
Normal file
1
changelog.d/5198.bugfix
Normal file
@ -0,0 +1 @@
|
|||||||
|
Prevent registration for user ids that are to long to fit into a state key. Contributed by Reid Anderson.
|
@ -23,6 +23,9 @@ MAX_DEPTH = 2**63 - 1
|
|||||||
# the maximum length for a room alias is 255 characters
|
# the maximum length for a room alias is 255 characters
|
||||||
MAX_ALIAS_LENGTH = 255
|
MAX_ALIAS_LENGTH = 255
|
||||||
|
|
||||||
|
# the maximum length for a user id is 255 characters
|
||||||
|
MAX_USERID_LENGTH = 255
|
||||||
|
|
||||||
|
|
||||||
class Membership(object):
|
class Membership(object):
|
||||||
|
|
||||||
|
@ -19,7 +19,7 @@ import logging
|
|||||||
from twisted.internet import defer
|
from twisted.internet import defer
|
||||||
|
|
||||||
from synapse import types
|
from synapse import types
|
||||||
from synapse.api.constants import LoginType
|
from synapse.api.constants import MAX_USERID_LENGTH, LoginType
|
||||||
from synapse.api.errors import (
|
from synapse.api.errors import (
|
||||||
AuthError,
|
AuthError,
|
||||||
Codes,
|
Codes,
|
||||||
@ -123,6 +123,15 @@ class RegistrationHandler(BaseHandler):
|
|||||||
|
|
||||||
self.check_user_id_not_appservice_exclusive(user_id)
|
self.check_user_id_not_appservice_exclusive(user_id)
|
||||||
|
|
||||||
|
if len(user_id) > MAX_USERID_LENGTH:
|
||||||
|
raise SynapseError(
|
||||||
|
400,
|
||||||
|
"User ID may not be longer than %s characters" % (
|
||||||
|
MAX_USERID_LENGTH,
|
||||||
|
),
|
||||||
|
Codes.INVALID_USERNAME
|
||||||
|
)
|
||||||
|
|
||||||
users = yield self.store.get_users_by_id_case_insensitive(user_id)
|
users = yield self.store.get_users_by_id_case_insensitive(user_id)
|
||||||
if users:
|
if users:
|
||||||
if not guest_access_token:
|
if not guest_access_token:
|
||||||
|
@ -228,3 +228,10 @@ class RegistrationTestCase(unittest.HomeserverTestCase):
|
|||||||
def test_register_not_support_user(self):
|
def test_register_not_support_user(self):
|
||||||
res = self.get_success(self.handler.register(localpart='user'))
|
res = self.get_success(self.handler.register(localpart='user'))
|
||||||
self.assertFalse(self.store.is_support_user(res[0]))
|
self.assertFalse(self.store.is_support_user(res[0]))
|
||||||
|
|
||||||
|
def test_invalid_user_id_length(self):
|
||||||
|
invalid_user_id = "x" * 256
|
||||||
|
self.get_failure(
|
||||||
|
self.handler.register(localpart=invalid_user_id),
|
||||||
|
SynapseError
|
||||||
|
)
|
||||||
|
Loading…
x
Reference in New Issue
Block a user