Enforce sensible group IDs

2025-11-04 02:01:03 +01:00 · 2017-10-19 12:01:01 +01:00 · 2017-10-19 12:01:01 +01:00 · 513c23bfd9
commit 513c23bfd9
parent 011d03a0f6
1 changed files with 19 additions and 1 deletions
--- a/synapse/groups/groups_server.py
+++ b/synapse/groups/groups_server.py
@ -16,10 +16,11 @@
 from twisted.internet import defer

 from synapse.api.errors import SynapseError
-from synapse.types import UserID, get_domain_from_id, RoomID
+from synapse.types import UserID, get_domain_from_id, RoomID, GroupID


 import logging
+import urllib

 logger = logging.getLogger(__name__)

@ -697,6 +698,8 @@ class GroupsServerHandler(object):
    def create_group(self, group_id, user_id, content):
        group = yield self.check_group_is_ours(group_id)

+        _validate_group_id(group_id)
+
        logger.info("Attempting to create group with ID: %r", group_id)
        if group:
            raise SynapseError(400, "Group already exists")
@ -773,3 +776,18 @@ def _parse_visibility_from_contents(content):
        is_public = True

    return is_public
+
+
+def _validate_group_id(group_id):
+    """Validates the group ID is valid for creation on this home server
+    """
+    localpart = GroupID.from_string(group_id).localpart
+
+    if localpart.lower() != localpart:
+        raise SynapseError(400, "Group ID must be lower case")
+
+    if urllib.quote(localpart.encode('utf-8')) != localpart:
+        raise SynapseError(
+            400,
+            "Group ID can only contain characters a-z, 0-9, or '_-./'",
+        )