Don't allow people to register user ids which only differ by case to an existing one

This commit is contained in:
Erik Johnston 2015-08-21 10:57:47 +01:00
parent 1f7642efa9
commit aa3c9c7bd0
2 changed files with 13 additions and 2 deletions

View file

@ -57,8 +57,8 @@ class RegistrationHandler(BaseHandler):
yield self.check_user_id_is_valid(user_id)
u = yield self.store.get_user_by_id(user_id)
if u:
users = yield self.store.get_users_by_id_case_insensitive(user_id)
if users:
raise SynapseError(
400,
"User ID already taken.",

View file

@ -98,6 +98,17 @@ class RegistrationStore(SQLBaseStore):
allow_none=True,
)
def get_users_by_id_case_insensitive(self, user_id):
def f(txn):
sql = (
"SELECT name, password_hash FROM users"
" WHERE name = lower(?)"
)
txn.execute(sql, (user_id,))
return self.cursor_to_dict(txn)
return self.runInteraction("get_users_by_id_case_insensitive", f)
@defer.inlineCallbacks
def user_set_password_hash(self, user_id, password_hash):
"""