diff options
author | Erik Johnston <erikj@jki.re> | 2017-10-19 12:13:31 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-19 12:13:31 +0100 |
commit | 287dd1ee2c2918967d5a5c215abe92c1248d4977 (patch) | |
tree | 4261f6d5ed9c0f30ca5c6cf1525759f0dc86dfea /synapse | |
parent | Fix typo (diff) | |
parent | Enforce sensible group IDs (diff) | |
download | synapse-287dd1ee2c2918967d5a5c215abe92c1248d4977.tar.xz |
Merge pull request #2558 from matrix-org/erikj/group_id_validation
Enforce sensible group IDs
Diffstat (limited to 'synapse')
-rw-r--r-- | synapse/groups/groups_server.py | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/synapse/groups/groups_server.py b/synapse/groups/groups_server.py index a3a500b9d6..e9b44c0971 100644 --- a/synapse/groups/groups_server.py +++ b/synapse/groups/groups_server.py @@ -16,10 +16,11 @@ from twisted.internet import defer from synapse.api.errors import SynapseError -from synapse.types import UserID, get_domain_from_id, RoomID +from synapse.types import UserID, get_domain_from_id, RoomID, GroupID import logging +import urllib logger = logging.getLogger(__name__) @@ -697,6 +698,8 @@ class GroupsServerHandler(object): def create_group(self, group_id, user_id, content): group = yield self.check_group_is_ours(group_id) + _validate_group_id(group_id) + logger.info("Attempting to create group with ID: %r", group_id) if group: raise SynapseError(400, "Group already exists") @@ -773,3 +776,18 @@ def _parse_visibility_from_contents(content): is_public = True return is_public + + +def _validate_group_id(group_id): + """Validates the group ID is valid for creation on this home server + """ + localpart = GroupID.from_string(group_id).localpart + + if localpart.lower() != localpart: + raise SynapseError(400, "Group ID must be lower case") + + if urllib.quote(localpart.encode('utf-8')) != localpart: + raise SynapseError( + 400, + "Group ID can only contain characters a-z, 0-9, or '_-./'", + ) |