summary refs log tree commit diff
diff options
context:
space:
mode:
authorErik Johnston <erik@matrix.org>2015-08-21 10:57:47 +0100
committerErik Johnston <erik@matrix.org>2015-08-21 10:57:47 +0100
commitaa3c9c7bd0736bca1b3626c87535192b89431583 (patch)
tree284705c17078df9e83fba52ca87743bfacfce3a6
parentFix bug where we didn't correctly serialize the redacted_because key over fed... (diff)
downloadsynapse-aa3c9c7bd0736bca1b3626c87535192b89431583.tar.xz
Don't allow people to register user ids which only differ by case to an existing one
-rw-r--r--synapse/handlers/register.py4
-rw-r--r--synapse/storage/registration.py11
2 files changed, 13 insertions, 2 deletions
diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py
index 39392d9fdd..86390a3671 100644
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -57,8 +57,8 @@ class RegistrationHandler(BaseHandler):
 
         yield self.check_user_id_is_valid(user_id)
 
-        u = yield self.store.get_user_by_id(user_id)
-        if u:
+        users = yield self.store.get_users_by_id_case_insensitive(user_id)
+        if users:
             raise SynapseError(
                 400,
                 "User ID already taken.",
diff --git a/synapse/storage/registration.py b/synapse/storage/registration.py
index bf803f2c6e..25adecaf6d 100644
--- a/synapse/storage/registration.py
+++ b/synapse/storage/registration.py
@@ -98,6 +98,17 @@ class RegistrationStore(SQLBaseStore):
             allow_none=True,
         )
 
+    def get_users_by_id_case_insensitive(self, user_id):
+        def f(txn):
+            sql = (
+                "SELECT name, password_hash FROM users"
+                " WHERE name = lower(?)"
+            )
+            txn.execute(sql, (user_id,))
+            return self.cursor_to_dict(txn)
+
+        return self.runInteraction("get_users_by_id_case_insensitive", f)
+
     @defer.inlineCallbacks
     def user_set_password_hash(self, user_id, password_hash):
         """