From aa3c9c7bd0736bca1b3626c87535192b89431583 Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Fri, 21 Aug 2015 10:57:47 +0100
Subject: Don't allow people to register user ids which only differ by case to
 an existing one

---
 synapse/storage/registration.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'synapse/storage')

diff --git a/synapse/storage/registration.py b/synapse/storage/registration.py
index bf803f2c6e..25adecaf6d 100644
--- a/synapse/storage/registration.py
+++ b/synapse/storage/registration.py
@@ -98,6 +98,17 @@ class RegistrationStore(SQLBaseStore):
             allow_none=True,
         )
 
+    def get_users_by_id_case_insensitive(self, user_id):
+        def f(txn):
+            sql = (
+                "SELECT name, password_hash FROM users"
+                " WHERE name = lower(?)"
+            )
+            txn.execute(sql, (user_id,))
+            return self.cursor_to_dict(txn)
+
+        return self.runInteraction("get_users_by_id_case_insensitive", f)
+
     @defer.inlineCallbacks
     def user_set_password_hash(self, user_id, password_hash):
         """
-- 
cgit 1.4.1