Squash usernames wherever we verify them, and check for all lowercase

Signed-off-by: Andrew Morgan (https://amorgan.xyz) <andrew@amorgan.xyz>
2025-12-13 09:53:10 -06:00 · 2017-12-01 16:21:12 -08:00 · 2017-12-01 16:21:12 -08:00 · 259a4461a1
parent aea970e24f
commit 259a4461a1
1 changed files with 8 additions and 1 deletions
--- a/src/github.com/matrix-org/dendrite/clientapi/routing/register.go
+++ b/src/github.com/matrix-org/dendrite/clientapi/routing/register.go
@ -49,7 +49,7 @@ const (
 var (
 	// TODO: Remove old sessions. Need to do so on a session-specific timeout.
 	sessions           = make(map[string][]authtypes.LoginType) // Sessions and completed flow stages
-	validUsernameRegex = regexp.MustCompile(`^[0-9a-zA-Z_\-./]+$`)
+	validUsernameRegex = regexp.MustCompile(`^[0-9a-z_\-./]+$`)
 )
 // registerRequest represents the submitted registration request.
@ -281,6 +281,10 @@ func LegacyRegister(
 	if resErr != nil {
 		return *resErr
 	}
 	// Squash username to all lowercase letters
 	r.Username = strings.ToLower(r.Username)
 	if resErr = validateUserName(r.Username); resErr != nil {
 		return *resErr
 	}
@ -481,6 +485,9 @@ func RegisterAvailable(
 ) util.JSONResponse {
 	username := req.URL.Query().Get("username")
 	// Squash username to all lowercase letters
 	username = strings.ToLower(username)
 	if err := validateUserName(username); err != nil {
 		return *err
 	}