forked from MirrorHub/synapse
Don't allow people to register user ids which only differ by case to an existing one
This commit is contained in:
parent
1f7642efa9
commit
aa3c9c7bd0
2 changed files with 13 additions and 2 deletions
|
@ -57,8 +57,8 @@ class RegistrationHandler(BaseHandler):
|
|||
|
||||
yield self.check_user_id_is_valid(user_id)
|
||||
|
||||
u = yield self.store.get_user_by_id(user_id)
|
||||
if u:
|
||||
users = yield self.store.get_users_by_id_case_insensitive(user_id)
|
||||
if users:
|
||||
raise SynapseError(
|
||||
400,
|
||||
"User ID already taken.",
|
||||
|
|
|
@ -98,6 +98,17 @@ class RegistrationStore(SQLBaseStore):
|
|||
allow_none=True,
|
||||
)
|
||||
|
||||
def get_users_by_id_case_insensitive(self, user_id):
|
||||
def f(txn):
|
||||
sql = (
|
||||
"SELECT name, password_hash FROM users"
|
||||
" WHERE name = lower(?)"
|
||||
)
|
||||
txn.execute(sql, (user_id,))
|
||||
return self.cursor_to_dict(txn)
|
||||
|
||||
return self.runInteraction("get_users_by_id_case_insensitive", f)
|
||||
|
||||
@defer.inlineCallbacks
|
||||
def user_set_password_hash(self, user_id, password_hash):
|
||||
"""
|
||||
|
|
Loading…
Reference in a new issue