summary refs log tree commit diff
path: root/synapse
diff options
context:
space:
mode:
authorErik Johnston <erikj@jki.re>2017-10-19 12:13:31 +0100
committerGitHub <noreply@github.com>2017-10-19 12:13:31 +0100
commit287dd1ee2c2918967d5a5c215abe92c1248d4977 (patch)
tree4261f6d5ed9c0f30ca5c6cf1525759f0dc86dfea /synapse
parentFix typo (diff)
parentEnforce sensible group IDs (diff)
downloadsynapse-287dd1ee2c2918967d5a5c215abe92c1248d4977.tar.xz
Merge pull request #2558 from matrix-org/erikj/group_id_validation
Enforce sensible group IDs
Diffstat (limited to 'synapse')
-rw-r--r--synapse/groups/groups_server.py20
1 files changed, 19 insertions, 1 deletions
diff --git a/synapse/groups/groups_server.py b/synapse/groups/groups_server.py
index a3a500b9d6..e9b44c0971 100644
--- a/synapse/groups/groups_server.py
+++ b/synapse/groups/groups_server.py
@@ -16,10 +16,11 @@
 from twisted.internet import defer
 
 from synapse.api.errors import SynapseError
-from synapse.types import UserID, get_domain_from_id, RoomID
+from synapse.types import UserID, get_domain_from_id, RoomID, GroupID
 
 
 import logging
+import urllib
 
 logger = logging.getLogger(__name__)
 
@@ -697,6 +698,8 @@ class GroupsServerHandler(object):
     def create_group(self, group_id, user_id, content):
         group = yield self.check_group_is_ours(group_id)
 
+        _validate_group_id(group_id)
+
         logger.info("Attempting to create group with ID: %r", group_id)
         if group:
             raise SynapseError(400, "Group already exists")
@@ -773,3 +776,18 @@ def _parse_visibility_from_contents(content):
         is_public = True
 
     return is_public
+
+
+def _validate_group_id(group_id):
+    """Validates the group ID is valid for creation on this home server
+    """
+    localpart = GroupID.from_string(group_id).localpart
+
+    if localpart.lower() != localpart:
+        raise SynapseError(400, "Group ID must be lower case")
+
+    if urllib.quote(localpart.encode('utf-8')) != localpart:
+        raise SynapseError(
+            400,
+            "Group ID can only contain characters a-z, 0-9, or '_-./'",
+        )