diff options
author | Erik Johnston <erik@matrix.org> | 2017-10-19 12:01:01 +0100 |
---|---|---|
committer | Erik Johnston <erik@matrix.org> | 2017-10-19 12:01:01 +0100 |
commit | 513c23bfd90b9386f59dea96e5f1ccc609da1c03 (patch) | |
tree | 4261f6d5ed9c0f30ca5c6cf1525759f0dc86dfea /synapse/groups/groups_server.py | |
parent | Fix typo (diff) | |
download | synapse-513c23bfd90b9386f59dea96e5f1ccc609da1c03.tar.xz |
Enforce sensible group IDs
Diffstat (limited to 'synapse/groups/groups_server.py')
-rw-r--r-- | synapse/groups/groups_server.py | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/synapse/groups/groups_server.py b/synapse/groups/groups_server.py index a3a500b9d6..e9b44c0971 100644 --- a/synapse/groups/groups_server.py +++ b/synapse/groups/groups_server.py @@ -16,10 +16,11 @@ from twisted.internet import defer from synapse.api.errors import SynapseError -from synapse.types import UserID, get_domain_from_id, RoomID +from synapse.types import UserID, get_domain_from_id, RoomID, GroupID import logging +import urllib logger = logging.getLogger(__name__) @@ -697,6 +698,8 @@ class GroupsServerHandler(object): def create_group(self, group_id, user_id, content): group = yield self.check_group_is_ours(group_id) + _validate_group_id(group_id) + logger.info("Attempting to create group with ID: %r", group_id) if group: raise SynapseError(400, "Group already exists") @@ -773,3 +776,18 @@ def _parse_visibility_from_contents(content): is_public = True return is_public + + +def _validate_group_id(group_id): + """Validates the group ID is valid for creation on this home server + """ + localpart = GroupID.from_string(group_id).localpart + + if localpart.lower() != localpart: + raise SynapseError(400, "Group ID must be lower case") + + if urllib.quote(localpart.encode('utf-8')) != localpart: + raise SynapseError( + 400, + "Group ID can only contain characters a-z, 0-9, or '_-./'", + ) |