Add UserIdParse() and UserIdFree() functions.

The spec says that a username can be either just the localpart, or a localpart and a server. This commit now ensures that the login endpoint actually handles usernames properly by calling the proper parsing functions.
2023-02-28 13:44:34 +00:00 · 2023-02-28 13:44:34 +00:00 · e2806bc810
commit e2806bc810
parent 58dae3a0c9
3 changed files with 94 additions and 4 deletions
--- a/src/Routes/RouteLogin.c
+++ b/src/Routes/RouteLogin.c
@ -48,7 +48,7 @@ ROUTE_IMPL(RouteLogin, args)
    char *password;
    char *type;
-    char *username;
+    UserId *userId = NULL;
    Db *db = args->matrixArgs->db;
@ -160,9 +160,17 @@ ROUTE_IMPL(RouteLogin, args)
                break;
            }
-            username = JsonValueAsString(val);
+            userId = UserParseId(JsonValueAsString(val),
                                 args->matrixArgs->config->serverName);
            if (!userId)
            {
                HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
                response = MatrixErrorCreate(M_BAD_JSON);
                break;
            }
-            if (!UserExists(db, username))
+            if (strcmp(userId->server, args->matrixArgs->config->serverName) != 0
                || !UserExists(db, userId->localpart))
            {
                HttpResponseStatus(args->context, HTTP_FORBIDDEN);
                response = MatrixErrorCreate(M_FORBIDDEN);
@ -225,7 +233,7 @@ ROUTE_IMPL(RouteLogin, args)
                refreshToken = JsonValueAsBoolean(val);
            }
-            user = UserLock(db, username);
+            user = UserLock(db, userId->localpart);
            if (!user)
            {
@ -284,6 +292,7 @@ ROUTE_IMPL(RouteLogin, args)
            break;
    }
    UserFreeId(userId);
    JsonFree(request);
    return response;
 }
--- a/src/User.c
+++ b/src/User.c
@ -598,3 +598,72 @@ UserDeleteToken(User * user, char *token)
    return 1;
 }
 UserId *
 UserParseId(char *id, char *defaultServer)
 {
    UserId *userId;
    if (!id)
    {
        return NULL;
    }
    id = StrDuplicate(id);
    if (!id)
    {
        return NULL;
    }
    userId = Malloc(sizeof(UserId));
    if (!userId)
    {
        goto finish;
    }
    /* Fully-qualified user ID */
    if (*id == '@')
    {
        char *localStart = id + 1;
        char *serverStart = localStart;
        while (*serverStart != ':' && *serverStart != '\0')
        {
            serverStart++;
        }
        if (*serverStart == '\0')
        {
            Free(userId);
            userId = NULL;
            goto finish;
        }
        *serverStart = '\0';
        serverStart++;
        userId->localpart = StrDuplicate(localStart);
        userId->server = StrDuplicate(serverStart);
    }
    else
    {
        /* Treat it as just a localpart */
        userId->localpart = StrDuplicate(id);
        userId->server = StrDuplicate(defaultServer);
    }
 finish:
    Free(id);
    return userId;
 }
 void 
 UserFreeId(UserId *id)
 {
    if (id)
    {
        Free(id->localpart);
        Free(id->server);
        Free(id);
    }
 }
--- a/src/include/User.h
+++ b/src/include/User.h
@ -42,6 +42,12 @@ typedef struct UserLoginInfo
    char *refreshToken;
 } UserLoginInfo;
 typedef struct UserId
 {
    char *localpart;
    char *server;
 } UserId;
 extern int
 UserValidate(char *, char *);
@ -93,4 +99,10 @@ extern void
 extern int
 UserDeleteToken(User *, char *);
 extern UserId *
 UserParseId(char *, char *);
 extern void
 UserFreeId(UserId *);
 #endif                             /* TELODENDRIA_USER_H */