identifiers: Don't accept colons in user-id localparts, even in compat

2023-02-07 20:54:30 +01:00 · 2023-02-07 20:54:30 +01:00 · 3013ca0dc1
commit 3013ca0dc1
parent 9c65a7dcae
3 changed files with 26 additions and 6 deletions
--- a/crates/ruma-common/CHANGELOG.md
+++ b/crates/ruma-common/CHANGELOG.md
@ -1,5 +1,10 @@
 # [unreleased]

+Bug fixes:
+
+- Don't accept colons in the localpart given to `UserId::parse_with_servername`
+  even with `feature = "compat"`
+
 Improvements:

 - Derive `Hash` for `ReceiptType` and `ReceiptThread`
--- a/crates/ruma-common/src/identifiers/user_id.rs
+++ b/crates/ruma-common/src/identifiers/user_id.rs
@ -206,6 +206,11 @@ mod tests {
        UserId::parse_arc(user_id).unwrap_err();
    }

+    #[test]
+    fn definitely_invalid_user_id() {
+        UserId::parse_with_server_name("a:b", server_name!("example.com")).unwrap_err();
+    }
+
    #[test]
    fn valid_historical_user_id() {
        let user_id =
--- a/crates/ruma-identifiers-validation/src/user_id.rs
+++ b/crates/ruma-identifiers-validation/src/user_id.rs
@ -23,12 +23,22 @@ pub fn localpart_is_fully_conforming(localpart: &str) -> Result<bool, Error> {
        .bytes()
        .all(|b| matches!(b, b'0'..=b'9' | b'a'..=b'z' | b'-' | b'.' | b'=' | b'_' | b'/'));

-    // If it's not fully conforming, check if it contains characters that are also disallowed
-    // for historical user IDs. If there are, return an error.
-    // See https://spec.matrix.org/v1.4/appendices/#historical-user-ids
-    #[cfg(not(feature = "compat"))]
-    if !is_fully_conforming && localpart.bytes().any(|b| b < 0x21 || b == b':' || b > 0x7E) {
-        return Err(Error::InvalidCharacters);
+    if !is_fully_conforming {
+        // If it's not fully conforming, check if it contains characters that are also disallowed
+        // for historical user IDs. If there are, return an error.
+        // See https://spec.matrix.org/v1.4/appendices/#historical-user-ids
+        #[cfg(not(feature = "compat"))]
+        let is_invalid = localpart.bytes().any(|b| b < 0x21 || b == b':' || b > 0x7E);
+
+        // In compat mode, allow anything except `:` to match Synapse. The `:` check is only needed
+        // because this function can be called through `UserId::parse_with_servername`, otherwise
+        // it would be impossible for the input to contain a `:`.
+        #[cfg(feature = "compat")]
+        let is_invalid = localpart.as_bytes().contains(&b':');
+
+        if is_invalid {
+            return Err(Error::InvalidCharacters);
+        }
    }

    Ok(is_fully_conforming)