Software /
code /
prosody-modules
Comparison
mod_register_json/mod_register_json.lua @ 429:ea6641deec12
mod_register_json: added check for invalid characters in the username.
author | Marco Cirillo <maranda@lightwitch.org> |
---|---|
date | Thu, 15 Sep 2011 03:32:23 +0000 |
parent | 370:16da8cd69715 |
child | 430:f0fafd19fd72 |
comparison
equal
deleted
inserted
replaced
428:a46c2326eed7 | 429:ea6641deec12 |
---|---|
92 end | 92 end |
93 end | 93 end |
94 | 94 |
95 -- We first check if the supplied username for registration is already there. | 95 -- We first check if the supplied username for registration is already there. |
96 if not usermanager.user_exists(req_body["username"], req_body["host"]) then | 96 if not usermanager.user_exists(req_body["username"], req_body["host"]) then |
97 usermanager.create_user(req_body["username"], req_body["password"], req_body["host"]); | 97 -- Sanity checks for the username. |
98 module:log("debug", "%s registration data submission for %s is successful", user, req_body["username"]); | 98 if req_body["username"]:find(" ") or req_body["username"]:find("@") or req_body["username"]:find("<") or |
99 return http_response(200, "Done."); | 99 req_body["username"]:find(">") or req_body["username"]:find("\"") or req_body["username"]:find("\'") or |
100 req_body["username"]:find("/") then | |
101 module:log("debug", "%s supplied an username containing invalid characters: %s", user, req_body["username"]); | |
102 return http_response(406, "Supplied username contains invalid characters, see RFC 6122."); | |
103 else | |
104 usermanager.create_user(req_body["username"], req_body["password"], req_body["host"]); | |
105 module:log("debug", "%s registration data submission for %s is successful", user, req_body["username"]); | |
106 return http_response(200, "Done."); | |
107 end | |
100 else | 108 else |
101 module:log("debug", "%s registration data submission for %s failed (user already exists)", user, req_body["username"]); | 109 module:log("debug", "%s registration data submission for %s failed (user already exists)", user, req_body["username"]); |
102 return http_response(409, "User already exists."); | 110 return http_response(409, "User already exists."); |
103 end | 111 end |
104 end | 112 end |