authorKegan Dougal <kegan@matrix.org>2015-02-05 16:46:56 +0000
committerKegan Dougal <kegan@matrix.org>2015-02-05 16:46:56 +0000
commitcab4c730885dcb5c95a50d425d6b6f655154a173 (patch)
treebbe7a2e6b558c08700c3640ce3640a83c97cd0bf
parentPrevent aliases in AS namespaces being created/deleted by users. Check with A... (diff)
Prevent user IDs in AS namespaces being created/deleted by humans.
-rw-r--r--synapse/handlers/register.py16
1 files changed, 16 insertions, 0 deletions
diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py
index 08cd5fd720..b6e19d498c 100644
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -65,6 +65,8 @@ class RegistrationHandler(BaseHandler):
             user = UserID(localpart, self.hs.hostname)
             user_id = user.to_string()
 
+            yield self.check_user_id_is_valid(user_id)
+
             token = self._generate_token(user_id)
             yield self.store.register(
                 user_id=user_id,
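Review bot: The new call passes only `user_id`, so the check cannot tell a human caller from the application service that owns the namespace, although the commit title restricts the rule to humans. If application services create their users through this same path they would get the 400 as well; the enclosing method starts outside the hunk, so that cannot be confirmed from here. A comment above the call would record the assumption, for example `# applies to every caller of this path; AS-owned IDs need a separate registration route`.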
@@ -83,6 +85,7 @@ class RegistrationHandler(BaseHandler):
                     localpart = self._generate_user_id()
                     user = UserID(localpart, self.hs.hostname)
                     user_id = user.to_string()
+                    yield self.check_user_id_is_valid(user_id)
 
                     token = self._generate_token(user_id)
                     yield self.store.register(
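Review bot: A reserved-namespace rejection at this call looks like any other SynapseError to whatever wraps it, and the deeper indentation suggests a retry block that starts outside the hunk. If that block regenerates the ID on SynapseError, a generated ID landing in an application-service namespace is retried silently, and a service claiming a very wide namespace would exhaust the retries and surface as a generic failure. A comment here would make the intent explicit, for example `# a generated ID inside an AS namespace is treated like a collision and regenerated`; confirm that matches the enclosing handler.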
@@ -148,6 +151,19 @@ class RegistrationHandler(BaseHandler):
             # XXX: This should be a deferred list, shouldn't it?
             yield self._bind_threepid(c, user_id)
 
+    @defer.inlineCallbacks
+    def check_user_id_is_valid(self, user_id):
+        # valid user IDs must not clash with any user ID namespaces claimed by
+        # application services.
+        services = yield self.store.get_app_services()
+        interested_services = [
+            s for s in services if s.is_interested_in_user(user_id)
+        ]
+        if len(interested_services) > 0:
+            raise SynapseError(
+                400, "This user ID is reserved by an application service."
+            )
+
     def _generate_token(self, user_id):
         # urlsafe variant uses _ and - so use . as the separator and replace
         # all =s with .s so http clients don't quote =s when it is used as
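Review bot: check_user_id_is_valid has no docstring, and its name is broader than what it does: the body only rejects IDs that some application service reports interest in, and it signals that by raising SynapseError with status 400 rather than returning anything. I would turn the leading comment into a docstring that states the single rule being enforced and the raise, so the two new call sites are not read as full user-ID validation. The list build plus `len(interested_services) > 0` can be `if any(s.is_interested_in_user(user_id) for s in services):`. The diffstat shows only register.py changed, so a test that registers a localpart inside a claimed namespace and expects the 400 would pin the rule.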