Check userID against AS namespace instead of localpart (#533)

Andrew Morgan 2018-07-17 08:36:23 -07:00 committed by GitHub
parent 40b1dd6f12
commit d2b349a75a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -335,9 +335,10 @@ func UsernameMatchesMultipleExclusiveNamespaces(
cfg *config.Dendrite, cfg *config.Dendrite,
username string, username string,
) bool { ) bool {
userID := userutil.MakeUserID(username, cfg.Matrix.ServerName)
// Check namespaces and see if more than one match // Check namespaces and see if more than one match
matchCount := 0 matchCount := 0
userID := userutil.MakeUserID(username, cfg.Matrix.ServerName)
for _, appservice := range cfg.Derived.ApplicationServices { for _, appservice := range cfg.Derived.ApplicationServices {
if appservice.IsInterestedInUserID(userID) { if appservice.IsInterestedInUserID(userID) {
if matchCount++; matchCount > 1 { if matchCount++; matchCount > 1 {
@ -348,6 +349,16 @@ func UsernameMatchesMultipleExclusiveNamespaces(
return false return false
} }
// UsernameMatchesExclusiveNamespaces will check if a given username matches any
// application service's exclusive users namespace
func UsernameMatchesExclusiveNamespaces(
cfg *config.Dendrite,
username string,
) bool {
userID := userutil.MakeUserID(username, cfg.Matrix.ServerName)
return cfg.Derived.ExclusiveApplicationServicesUsernameRegexp.MatchString(userID)
}
// validateApplicationService checks if a provided application service token // validateApplicationService checks if a provided application service token
// corresponds to one that is registered. If so, then it checks if the desired // corresponds to one that is registered. If so, then it checks if the desired
// username is within that application service's namespace. As long as these // username is within that application service's namespace. As long as these
@ -466,7 +477,7 @@ func Register(
// service namespace. Skip this check if no app services are registered. // service namespace. Skip this check if no app services are registered.
if r.Auth.Type != "m.login.application_service" && if r.Auth.Type != "m.login.application_service" &&
len(cfg.Derived.ApplicationServices) != 0 && len(cfg.Derived.ApplicationServices) != 0 &&
cfg.Derived.ExclusiveApplicationServicesUsernameRegexp.MatchString(r.Username) { UsernameMatchesExclusiveNamespaces(cfg, r.Username) {
return util.JSONResponse{ return util.JSONResponse{
Code: http.StatusBadRequest, Code: http.StatusBadRequest,
JSON: jsonerror.ASExclusive("This username is reserved by an application service."), JSON: jsonerror.ASExclusive("This username is reserved by an application service."),
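Review bot: The new exported helper `UsernameMatchesExclusiveNamespaces` (second hunk) calls `MatchString` on `cfg.Derived.ExclusiveApplicationServicesUsernameRegexp` with no guard of its own, while the only caller shown, in `Register`, relies on the `len(cfg.Derived.ApplicationServices) != 0` test placed before it. If that regexp can be nil or empty when no application services are configured (its initialisation is not visible here), a later caller that omits the length test could panic or get a wrong answer from the check that keeps ordinary registrations out of reserved namespaces; consider `if len(cfg.Derived.ApplicationServices) == 0 { return false }` at the top of the helper. The doc comment should also state that the match is made against the full user ID rather than the bare localpart, e.g. `// The username is expanded to a full user ID (@localpart:server) before matching.` `Register` starts and ends outside the hunk, so whether `r.Username` has already been validated and case-normalised before this check cannot be confirmed from here.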