Prevent user IDs in AS namespaces being created/deleted by humans.

2015-02-05 16:46:56 +00:00 · 2015-02-05 16:46:56 +00:00 · cab4c73088
parent e9484d6a95
commit cab4c73088
1 changed files with 16 additions and 0 deletions
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@ -65,6 +65,8 @@ class RegistrationHandler(BaseHandler):
            user = UserID(localpart, self.hs.hostname)
            user_id = user.to_string()

+            yield self.check_user_id_is_valid(user_id)
+
            token = self._generate_token(user_id)
            yield self.store.register(
                user_id=user_id,
@ -83,6 +85,7 @@ class RegistrationHandler(BaseHandler):
                    localpart = self._generate_user_id()
                    user = UserID(localpart, self.hs.hostname)
                    user_id = user.to_string()
+                    yield self.check_user_id_is_valid(user_id)

                    token = self._generate_token(user_id)
                    yield self.store.register(
@ -148,6 +151,19 @@ class RegistrationHandler(BaseHandler):
            # XXX: This should be a deferred list, shouldn't it?
            yield self._bind_threepid(c, user_id)

+    @defer.inlineCallbacks
+    def check_user_id_is_valid(self, user_id):
+        # valid user IDs must not clash with any user ID namespaces claimed by
+        # application services.
+        services = yield self.store.get_app_services()
+        interested_services = [
+            s for s in services if s.is_interested_in_user(user_id)
+        ]
+        if len(interested_services) > 0:
+            raise SynapseError(
+                400, "This user ID is reserved by an application service."
+            )
+
    def _generate_token(self, user_id):
        # urlsafe variant uses _ and - so use . as the separator and replace
        # all =s with .s so http clients don't quote =s when it is used as