From 1cf9f20d2f740864a48bfb3465f686f4bfe61591 Mon Sep 17 00:00:00 2001 From: bodqhrohro Date: Thu, 19 Nov 2020 00:56:06 +0200 Subject: [PATCH] Allow = in user identifiers (#1590) While I was breaking through all the TDD bureaucracy to finally push this fix, it turned out that it already got fixed in #1578. Still I push the rest of the changes (basically, everything except of actually fixing the bug ;)). `=` is crucial for matrix-bifrost which turns XMPP @'s into =40. Signed-off-by: Bohdan Horbeshko --- clientapi/routing/register.go | 4 ++-- sytest-whitelist | 7 +++++++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/clientapi/routing/register.go b/clientapi/routing/register.go index 90e9eed38..528537ef4 100644 --- a/clientapi/routing/register.go +++ b/clientapi/routing/register.go @@ -209,7 +209,7 @@ func validateUsername(username string) *util.JSONResponse { } else if !validUsernameRegex.MatchString(username) { return &util.JSONResponse{ Code: http.StatusBadRequest, - JSON: jsonerror.InvalidUsername("Username can only contain characters a-z, 0-9, or '_-./'"), + JSON: jsonerror.InvalidUsername("Username can only contain characters a-z, 0-9, or '_-./='"), } } else if username[0] == '_' { // Regex checks its not a zero length string return &util.JSONResponse{ @@ -230,7 +230,7 @@ func validateApplicationServiceUsername(username string) *util.JSONResponse { } else if !validUsernameRegex.MatchString(username) { return &util.JSONResponse{ Code: http.StatusBadRequest, - JSON: jsonerror.InvalidUsername("Username can only contain characters a-z, 0-9, or '_-./'"), + JSON: jsonerror.InvalidUsername("Username can only contain characters a-z, 0-9, or '_-./='"), } } return nil diff --git a/sytest-whitelist b/sytest-whitelist index 17bf2581d..ffcb1785a 100644 --- a/sytest-whitelist +++ b/sytest-whitelist @@ -16,6 +16,13 @@ POST /register rejects registration of usernames with '£' POST /register rejects registration of usernames with 'é' POST /register rejects registration of usernames with '\n' POST /register rejects registration of usernames with ''' +POST /register allows registration of usernames with 'q' +POST /register allows registration of usernames with '3' +POST /register allows registration of usernames with '.' +POST /register allows registration of usernames with '_' +POST /register allows registration of usernames with '=' +POST /register allows registration of usernames with '-' +POST /register allows registration of usernames with '/' GET /login yields a set of flows POST /login can log in as a user POST /login returns the same device_id as that in the request