Diff

mod_register_json/mod_register_json.lua @ 430:f0fafd19fd72

mod_register_json: changed pestered code to something less pestered. (added nodeprep)
author Marco Cirillo <maranda@lightwitch.org>
date Thu, 15 Sep 2011 21:23:49 +0000
parent 429:ea6641deec12
child 529:84e992f70ba3
line wrap: on
line diff
--- a/mod_register_json/mod_register_json.lua	Thu Sep 15 03:32:23 2011 +0000
+++ b/mod_register_json/mod_register_json.lua	Thu Sep 15 21:23:49 2011 +0000
@@ -11,6 +11,7 @@
 local json_decode = require "util.json".decode;
 local httpserver = require "net.httpserver";
 local os_time = os.time;
+local nodeprep = require "util.encodings".stringprep.nodeprep;
 
 module.host = "*" -- HTTP/BOSH Servlets need to be global.
 
@@ -93,20 +94,19 @@
 			end
 
 			-- We first check if the supplied username for registration is already there.
-			if not usermanager.user_exists(req_body["username"], req_body["host"]) then
-				-- Sanity checks for the username.
-				if req_body["username"]:find(" ") or req_body["username"]:find("@") or req_body["username"]:find("<") or
-				   req_body["username"]:find(">") or req_body["username"]:find("\"") or req_body["username"]:find("\'") or
-				   req_body["username"]:find("/") then
-					module:log("debug", "%s supplied an username containing invalid characters: %s", user, req_body["username"]);
+			-- And nodeprep the username
+			local username = nodeprep(req_body["username"]);
+			if not usermanager.user_exists(username, req_body["host"]) then
+				if not username then
+					module:log("debug", "%s supplied an username containing invalid characters: %s", user, username);
 					return http_response(406, "Supplied username contains invalid characters, see RFC 6122.");
 				else
-					usermanager.create_user(req_body["username"], req_body["password"], req_body["host"]);
-					module:log("debug", "%s registration data submission for %s is successful", user, req_body["username"]);
+					usermanager.create_user(username, req_body["password"], req_body["host"]);
+					module:log("debug", "%s registration data submission for %s is successful", user, username);
 					return http_response(200, "Done.");
 				end
 			else
-				module:log("debug", "%s registration data submission for %s failed (user already exists)", user, req_body["username"]);
+				module:log("debug", "%s registration data submission for %s failed (user already exists)", user, username);
 				return http_response(409, "User already exists.");
 			end
 		end