prosody-modules: mod_register_json/mod_register

mod_register_json: added check for invalid characters in the username.

author	Marco Cirillo <maranda@lightwitch.org>
date	Thu, 15 Sep 2011 03:32:23 +0000
parents	16da8cd69715
children	f0fafd19fd72

comparison

equal deleted inserted replaced

-:a46c2326eed7
+:ea6641deec12
 				end
 			end
 			-- We first check if the supplied username for registration is already there.
 			if not usermanager.user_exists(req_body["username"], req_body["host"]) then
-				usermanager.create_user(req_body["username"], req_body["password"], req_body["host"]);
+				-- Sanity checks for the username.
-				module:log("debug", "%s registration data submission for %s is successful", user, req_body["username"]);
+				if req_body["username"]:find(" ") or req_body["username"]:find("@") or req_body["username"]:find("<") or
-				return http_response(200, "Done.");
+				   req_body["username"]:find(">") or req_body["username"]:find("\"") or req_body["username"]:find("\'") or
+				   req_body["username"]:find("/") then
+					module:log("debug", "%s supplied an username containing invalid characters: %s", user, req_body["username"]);
+					return http_response(406, "Supplied username contains invalid characters, see RFC 6122.");
+				else
+					usermanager.create_user(req_body["username"], req_body["password"], req_body["host"]);
+					module:log("debug", "%s registration data submission for %s is successful", user, req_body["username"]);
+					return http_response(200, "Done.");
+				end
 			else
 				module:log("debug", "%s registration data submission for %s failed (user already exists)", user, req_body["username"]);
 				return http_response(409, "User already exists.");
 			end
 		end

Mercurial > prosody-modules