Escape user IDs correctly #112

Half-Shot · 2019-06-27T23:28:09Z

This fixes #109. In addition, this PR adds a global variable to disable userid escaping for bridges that don't support it yet.

turt2live

otherwise lgtm

turt2live · 2019-06-27T23:29:34Z

lib/models/users/matrix.js

@@ -58,7 +59,7 @@ MatrixUser.prototype.set = function(key, val) {
    this._data[key] = val;
 };

-/**
+/**u


turt2live · 2019-06-27T23:30:26Z

lib/models/users/matrix.js

-    const badChars = new Set(this.localpart.replace(/([A-z0-9]|-|\.|=|_)+/g, ""));
+    // NOTE: Currently Matrix accepts / in the userId, although going forward it will be removed.
+    // NOTE: We also allow uppercase for the time being.
+    const badChars = new Set(this.localpart.replace(/([A-Z]|[a-z]|[0-9]|-|\.|=|_)+/g, ""));


we should remove characters which aren't allowed, such as uppercase. I'm pretty sure Synapse has started failing to register uppercase usernames by now.

turt2live · 2019-06-27T23:54:32Z

lib/models/users/matrix.js

+        const code = c.charCodeAt(0);
+        const hex = code.toString(16).toLowerCase();
+        if (code < 65 || code > 90) {
+            // Alpha codes do not need escaping.


... but should be lowercased.

are we lowercasing them rather than escaping them?

I don't see why not. User IDs are semi-opaque anyways, so Bob and bob are just going to have to get along.

I can see that causing lots of unexpected conflicts :c

tbh I see anything we do here as creating unexpected conflicts. See also: IRC bridge creating duplicate users, resulting in the bridge doing it's own escaping.

Maybe we just keep uppercase as allowed (sorry) and never visit this code again.

turt2live · 2019-06-27T23:54:52Z

spec/unit/matrix-user.spec.js

@@ -6,8 +6,8 @@ describe("MatrixUser", function() {
            [
                new MatrixUser("@test:localhost", null, false),
                new MatrixUser("@42:localhost", null, false),
-                new MatrixUser("@Test42:localhost", null, false),
-                new MatrixUser("@A=Good-set.of_chars:localhost", null, false)


which means keeping this test to result in a lowercase version

Half-Shot added 3 commits June 28, 2019 00:24

Catch [] in escape code

8f9eb42

Add global to enable/disable all caching

9dd51cc

Add docstring for static var

cab087b

Half-Shot requested a review from turt2live June 27, 2019 23:28

Half-Shot changed the base branch from master to develop June 27, 2019 23:28

turt2live changed the title ~~Hs/escaping fixes~~ Escape user IDs correctly Jun 27, 2019

turt2live approved these changes Jun 27, 2019

View reviewed changes

turt2live reviewed Jun 27, 2019

View reviewed changes

Half-Shot mentioned this pull request Jun 27, 2019

Disable userid escaping entirely matrix-org/matrix-appservice-irc#768

Merged

Half-Shot force-pushed the hs/escaping-fixes branch from 12f0e0b to cab087b Compare June 28, 2019 06:32

u

7736401

Half-Shot merged commit 346cea3 into develop Jun 28, 2019

Half-Shot deleted the hs/escaping-fixes branch September 29, 2020 13:30

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Escape user IDs correctly #112

Escape user IDs correctly #112

Half-Shot commented Jun 27, 2019

turt2live left a comment

turt2live Jun 27, 2019

turt2live Jun 27, 2019

turt2live Jun 27, 2019

Half-Shot Jun 28, 2019

turt2live Jun 28, 2019

Half-Shot Jun 28, 2019

turt2live Jun 28, 2019

turt2live Jun 27, 2019

Escape user IDs correctly #112

Escape user IDs correctly #112

Conversation

Half-Shot commented Jun 27, 2019

turt2live left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment