matrix-org · richvdh · May 20, 2019 · May 17, 2019 · May 17, 2019 · May 17, 2019
@@ -0,0 +1 @@
+Prevent registration for user ids that are to long to fit into a state key. Contributed by Reid Anderson.
@@ -23,6 +23,9 @@
 # the maximum length for a room alias is 255 characters
 MAX_ALIAS_LENGTH = 255
 
+# the maximum length for a user id is 255 characters
+MAX_USERID_LENGTH = 255
+
 
 class Membership(object):
 

@@ -19,7 +19,10 @@
 from twisted.internet import defer
 
 from synapse import types
-from synapse.api.constants import LoginType
+from synapse.api.constants import (
+    LoginType,
+    MAX_USERID_LENGTH
+)
 from synapse.api.errors import (
     AuthError,
     Codes,
@@ -123,6 +126,15 @@ def check_username(self, localpart, guest_access_token=None,
 
         self.check_user_id_not_appservice_exclusive(user_id)
 
+        if len(user_id) > MAX_ALIAS_LENGTH:
+            raise SynapseError(
+                400,
+                "User ID may not be longer than %s characters" % (
+                    MAX_ALIAS_LENGTH,
+                ),
+                Codes.INVALID_USERNAME
+            )
+
         users = yield self.store.get_users_by_id_case_insensitive(user_id)
         if users:
             if not guest_access_token:

@@ -228,3 +228,10 @@ def test_register_support_user(self):
     def test_register_not_support_user(self):
         res = self.get_success(self.handler.register(localpart='user'))
         self.assertFalse(self.store.is_support_user(res[0]))
+
+    def test_invalid_user_id_length(self):
+        invalid_user_id = "x"*257
+        res = self.get_failure(
+            self.handler.register(localpart=invalid_user_id),
+            SynapseError
+        )
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Prevent registration for user ids that are to long to fit into a state key. Contributed by Reid Anderson.