From 513c23bfd90b9386f59dea96e5f1ccc609da1c03 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 19 Oct 2017 12:01:01 +0100 Subject: Enforce sensible group IDs --- synapse/groups/groups_server.py | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'synapse/groups') diff --git a/synapse/groups/groups_server.py b/synapse/groups/groups_server.py index a3a500b9d6..e9b44c0971 100644 --- a/synapse/groups/groups_server.py +++ b/synapse/groups/groups_server.py @@ -16,10 +16,11 @@ from twisted.internet import defer from synapse.api.errors import SynapseError -from synapse.types import UserID, get_domain_from_id, RoomID +from synapse.types import UserID, get_domain_from_id, RoomID, GroupID import logging +import urllib logger = logging.getLogger(__name__) @@ -697,6 +698,8 @@ class GroupsServerHandler(object): def create_group(self, group_id, user_id, content): group = yield self.check_group_is_ours(group_id) + _validate_group_id(group_id) + logger.info("Attempting to create group with ID: %r", group_id) if group: raise SynapseError(400, "Group already exists") @@ -773,3 +776,18 @@ def _parse_visibility_from_contents(content): is_public = True return is_public + + +def _validate_group_id(group_id): + """Validates the group ID is valid for creation on this home server + """ + localpart = GroupID.from_string(group_id).localpart + + if localpart.lower() != localpart: + raise SynapseError(400, "Group ID must be lower case") + + if urllib.quote(localpart.encode('utf-8')) != localpart: + raise SynapseError( + 400, + "Group ID can only contain characters a-z, 0-9, or '_-./'", + ) -- cgit 1.4.1