author | Erik Johnston <erik@matrix.org> | 2015-08-21 10:57:47 +0100 |
---|---|---|
committer | Erik Johnston <erik@matrix.org> | 2015-08-21 10:57:47 +0100 |
commit | aa3c9c7bd0736bca1b3626c87535192b89431583 (patch) | |
tree | 284705c17078df9e83fba52ca87743bfacfce3a6 | |
parent | Fix bug where we didn't correctly serialize the redacted_because key over fed... (diff) | |
download | synapse-aa3c9c7bd0736bca1b3626c87535192b89431583.tar.xz |
Don't allow people to register user ids which only differ by case to an existing one
-rw-r--r-- | synapse/handlers/register.py | 4 | ||||
-rw-r--r-- | synapse/storage/registration.py | 11 |
2 files changed, 13 insertions, 2 deletions
diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py
index 39392d9fdd..86390a3671 100644
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -57,8 +57,8 @@ class RegistrationHandler(BaseHandler):
 yield self.check_user_id_is_valid(user_id)
- u = yield self.store.get_user_by_id(user_id)
- if u:
+ users = yield self.store.get_users_by_id_case_insensitive(user_id)
+ if users:
 raise SynapseError(
 400,
 "User ID already taken.",
diff --git a/synapse/storage/registration.py b/synapse/storage/registration.py
index bf803f2c6e..25adecaf6d 100644
--- a/synapse/storage/registration.py
+++ b/synapse/storage/registration.py
@@ -98,6 +98,17 @@ class RegistrationStore(SQLBaseStore):
 allow_none=True,
 )
+ def get_users_by_id_case_insensitive(self, user_id):
+ def f(txn):
+ sql = (
+ "SELECT name, password_hash FROM users"
+ " WHERE name = lower(?)"
+ )
+ txn.execute(sql, (user_id,))
+ return self.cursor_to_dict(txn)
+
+ return self.runInteraction("get_users_by_id_case_insensitive", f)
+
 @defer.inlineCallbacks
 def user_set_password_hash(self, user_id, password_hash):
 """ |
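Review bot: The `if users:` check in the first hunk is the only visible guard against case-variant user IDs, and as a lookup followed by a later insert it cannot stop two concurrent registrations that differ only by case from both passing before either row is written. If the users table has no unique constraint over the lower-cased name (the schema is not visible here), the rule in the commit title holds only for sequential requests; a unique index on `lower(name)` would enforce it at the storage layer. The returned rows are used only for truthiness, so a comment such as `# any case-insensitive match blocks registration, to prevent look-alike IDs` would record the intent. The enclosing method starts and ends outside the hunk.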
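Review bot: The predicate `" WHERE name = lower(?)"` in `get_users_by_id_case_insensitive` lower-cases only the bound parameter, so the comparison against the stored `name` is still case-sensitive. An existing account whose ID contains upper-case characters is therefore never returned, and a new ID differing from it only by case would pass the registration check. Folding both sides, `" WHERE lower(name) = lower(?)"`, gives the behaviour the method name promises. SQL `lower()` folds only ASCII in SQLite by default and may be locale-dependent on other backends, so it is worth confirming that user-ID validation restricts localparts to ASCII. The method also has no docstring; one stating that it returns every row whose name matches case-insensitively, as a list of dicts with `name` and `password_hash` (presumably what `cursor_to_dict` yields), would help callers.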