From 4ffb5c69bdf5a8437b689cee010d02d08c988cbe Mon Sep 17 00:00:00 2001 From: Brendan Abolivier Date: Wed, 3 Jun 2020 15:24:20 +0200 Subject: [PATCH 1/3] Check if the localpart is reserved for guests earlier in the registration flow --- changelog.d/7625.misc | 1 + synapse/handlers/register.py | 18 +++++++++--------- 2 files changed, 10 insertions(+), 9 deletions(-) create mode 100644 changelog.d/7625.misc diff --git a/changelog.d/7625.misc b/changelog.d/7625.misc new file mode 100644 index 000000000000..6a8fc7eeb318 --- /dev/null +++ b/changelog.d/7625.misc @@ -0,0 +1 @@ +Check if the localpart is reserved for guests users earlier in the registration flow, as well as when responding to requests on `/register/available`. diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py index a6178e74a19b..d2c1712f00b0 100644 --- a/synapse/handlers/register.py +++ b/synapse/handlers/register.py @@ -128,6 +128,15 @@ def check_username(self, localpart, guest_access_token=None, assigned_user_id=No errcode=Codes.FORBIDDEN, ) + if guest_access_token is not None: + try: + int(localpart) + raise SynapseError( + 400, "Numeric user IDs are reserved for guest users." + ) + except ValueError: + pass + @defer.inlineCallbacks def register_user( self, @@ -170,15 +179,6 @@ def register_user( was_guest = guest_access_token is not None - if not was_guest: - try: - int(localpart) - raise SynapseError( - 400, "Numeric user IDs are reserved for guest users." - ) - except ValueError: - pass - user = UserID(localpart, self.hs.hostname) user_id = user.to_string() From 5922eb0978cda542146236e6bbd74a057d456c48 Mon Sep 17 00:00:00 2001 From: Brendan Abolivier Date: Wed, 3 Jun 2020 16:13:40 +0200 Subject: [PATCH 2/3] Update synapse/handlers/register.py Co-authored-by: Patrick Cloke --- synapse/handlers/register.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py index d2c1712f00b0..55a03e53ead4 100644 --- a/synapse/handlers/register.py +++ b/synapse/handlers/register.py @@ -128,7 +128,7 @@ def check_username(self, localpart, guest_access_token=None, assigned_user_id=No errcode=Codes.FORBIDDEN, ) - if guest_access_token is not None: + if guest_access_token is None: try: int(localpart) raise SynapseError( From 69dc75266f15e134f39b24f873a322f6f6e9cb7a Mon Sep 17 00:00:00 2001 From: Brendan Abolivier Date: Wed, 3 Jun 2020 16:21:50 +0200 Subject: [PATCH 3/3] Update changelog.d/7625.misc Co-authored-by: Patrick Cloke --- changelog.d/7625.misc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog.d/7625.misc b/changelog.d/7625.misc index 6a8fc7eeb318..4c61d8d99f15 100644 --- a/changelog.d/7625.misc +++ b/changelog.d/7625.misc @@ -1 +1 @@ -Check if the localpart is reserved for guests users earlier in the registration flow, as well as when responding to requests on `/register/available`. +Check if the localpart of a Matrix ID is reserved for guest users earlier in the registration flow, as well as when responding to requests to `/register/available`.