Adding matrix id validation check. Fixes #1520 (#1538)

This commit is contained in:
Dessalines 2021-04-07 07:38:00 -04:00 committed by GitHub
parent 8df102ff4b
commit 5fff927dc4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 1 deletions

View file

@ -60,7 +60,7 @@ use lemmy_utils::{
email::send_email, email::send_email,
location_info, location_info,
settings::structs::Settings, settings::structs::Settings,
utils::{generate_random_string, is_valid_display_name, naive_from_unix}, utils::{generate_random_string, is_valid_display_name, is_valid_matrix_id, naive_from_unix},
ApiError, ApiError,
ConnectionId, ConnectionId,
LemmyError, LemmyError,
@ -187,6 +187,12 @@ impl Perform for SaveUserSettings {
} }
} }
if let Some(Some(matrix_user_id)) = &matrix_user_id {
if !is_valid_matrix_id(matrix_user_id) {
return Err(ApiError::err("invalid_matrix_id").into());
}
}
let local_user_id = local_user_view.local_user.id; let local_user_id = local_user_view.local_user.id;
let person_id = local_user_view.person.id; let person_id = local_user_view.person.id;
let default_listing_type = data.default_listing_type; let default_listing_type = data.default_listing_type;

View file

@ -1,6 +1,7 @@
use crate::utils::{ use crate::utils::{
is_valid_community_name, is_valid_community_name,
is_valid_display_name, is_valid_display_name,
is_valid_matrix_id,
is_valid_post_title, is_valid_post_title,
is_valid_username, is_valid_username,
remove_slurs, remove_slurs,
@ -56,6 +57,14 @@ fn test_valid_post_title() {
assert!(!is_valid_post_title("\n \n \n \n ")); // tabs/spaces/newlines assert!(!is_valid_post_title("\n \n \n \n ")); // tabs/spaces/newlines
} }
#[test]
fn test_valid_matrix_id() {
assert!(is_valid_matrix_id("@dess:matrix.org"));
assert!(!is_valid_matrix_id("dess:matrix.org"));
assert!(!is_valid_matrix_id(" @dess:matrix.org"));
assert!(!is_valid_matrix_id("@dess:matrix.org t"));
}
#[test] #[test]
fn test_slur_filter() { fn test_slur_filter() {
let test = let test =

View file

@ -15,6 +15,7 @@ lazy_static! {
static ref VALID_USERNAME_REGEX: Regex = Regex::new(r"^[a-zA-Z0-9_]{3,20}$").expect("compile regex"); static ref VALID_USERNAME_REGEX: Regex = Regex::new(r"^[a-zA-Z0-9_]{3,20}$").expect("compile regex");
static ref VALID_COMMUNITY_NAME_REGEX: Regex = Regex::new(r"^[a-z0-9_]{3,20}$").expect("compile regex"); static ref VALID_COMMUNITY_NAME_REGEX: Regex = Regex::new(r"^[a-z0-9_]{3,20}$").expect("compile regex");
static ref VALID_POST_TITLE_REGEX: Regex = Regex::new(r".*\S.*").expect("compile regex"); static ref VALID_POST_TITLE_REGEX: Regex = Regex::new(r".*\S.*").expect("compile regex");
static ref VALID_MATRIX_ID_REGEX: Regex = Regex::new(r"^@[A-Za-z0-9._=-]+:[A-Za-z0-9.-]+\.[A-Za-z]{2,}$").expect("compile regex");
} }
pub fn naive_from_unix(time: i64) -> NaiveDateTime { pub fn naive_from_unix(time: i64) -> NaiveDateTime {
@ -115,6 +116,10 @@ pub fn is_valid_display_name(name: &str) -> bool {
&& name.chars().count() <= 20 && name.chars().count() <= 20
} }
pub fn is_valid_matrix_id(matrix_id: &str) -> bool {
VALID_MATRIX_ID_REGEX.is_match(matrix_id)
}
pub fn is_valid_community_name(name: &str) -> bool { pub fn is_valid_community_name(name: &str) -> bool {
VALID_COMMUNITY_NAME_REGEX.is_match(name) VALID_COMMUNITY_NAME_REGEX.is_match(name)
} }