Limit UserIds to a length that fits in a state key (#5198)
parent
291e1eea5e
commit
3787133c9e
|
@ -0,0 +1 @@
|
|||
Prevent registration for user ids that are to long to fit into a state key. Contributed by Reid Anderson.
|
|
@ -23,6 +23,9 @@ MAX_DEPTH = 2**63 - 1
|
|||
# the maximum length for a room alias is 255 characters
|
||||
MAX_ALIAS_LENGTH = 255
|
||||
|
||||
# the maximum length for a user id is 255 characters
|
||||
MAX_USERID_LENGTH = 255
|
||||
|
||||
|
||||
class Membership(object):
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ import logging
|
|||
from twisted.internet import defer
|
||||
|
||||
from synapse import types
|
||||
from synapse.api.constants import LoginType
|
||||
from synapse.api.constants import MAX_USERID_LENGTH, LoginType
|
||||
from synapse.api.errors import (
|
||||
AuthError,
|
||||
Codes,
|
||||
|
@ -123,6 +123,15 @@ class RegistrationHandler(BaseHandler):
|
|||
|
||||
self.check_user_id_not_appservice_exclusive(user_id)
|
||||
|
||||
if len(user_id) > MAX_USERID_LENGTH:
|
||||
raise SynapseError(
|
||||
400,
|
||||
"User ID may not be longer than %s characters" % (
|
||||
MAX_USERID_LENGTH,
|
||||
),
|
||||
Codes.INVALID_USERNAME
|
||||
)
|
||||
|
||||
users = yield self.store.get_users_by_id_case_insensitive(user_id)
|
||||
if users:
|
||||
if not guest_access_token:
|
||||
|
|
|
@ -228,3 +228,10 @@ class RegistrationTestCase(unittest.HomeserverTestCase):
|
|||
def test_register_not_support_user(self):
|
||||
res = self.get_success(self.handler.register(localpart='user'))
|
||||
self.assertFalse(self.store.is_support_user(res[0]))
|
||||
|
||||
def test_invalid_user_id_length(self):
|
||||
invalid_user_id = "x" * 256
|
||||
self.get_failure(
|
||||
self.handler.register(localpart=invalid_user_id),
|
||||
SynapseError
|
||||
)
|
||||
|
|
Loading…
Reference in New Issue