mirror of
https://codeberg.org/grunfink/snac2.git
synced 2024-11-25 14:35:04 +00:00
Don't allow creating users which user name strings only differ in case.
This commit is contained in:
parent
e127269a4a
commit
253e7f9eaa
5 changed files with 47 additions and 19 deletions
2
Makefile
2
Makefile
|
@ -53,4 +53,4 @@ snac.o: snac.c xs.h xs_io.h xs_unicode.h xs_json.h xs_curl.h xs_openssl.h \
|
||||||
upgrade.o: upgrade.c xs.h xs_io.h xs_json.h xs_glob.h snac.h
|
upgrade.o: upgrade.c xs.h xs_io.h xs_json.h xs_glob.h snac.h
|
||||||
utils.o: utils.c xs.h xs_io.h xs_json.h xs_time.h xs_openssl.h \
|
utils.o: utils.c xs.h xs_io.h xs_json.h xs_time.h xs_openssl.h \
|
||||||
xs_random.h snac.h
|
xs_random.h snac.h
|
||||||
webfinger.o: webfinger.c xs.h xs_json.h xs_curl.h snac.h
|
webfinger.o: webfinger.c xs.h xs_json.h xs_curl.h xs_mime.h snac.h
|
||||||
|
|
30
data.c
30
data.c
|
@ -154,12 +154,34 @@ int user_open(snac *snac, const char *uid)
|
||||||
memset(snac, '\0', sizeof(struct _snac));
|
memset(snac, '\0', sizeof(struct _snac));
|
||||||
|
|
||||||
if (validate_uid(uid)) {
|
if (validate_uid(uid)) {
|
||||||
xs *cfg_file;
|
xs *cfg_file = NULL;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
|
|
||||||
snac->uid = xs_str_new(uid);
|
xs *t = xs_fmt("%s/user/%s", srv_basedir, uid);
|
||||||
|
|
||||||
snac->basedir = xs_fmt("%s/user/%s", srv_basedir, uid);
|
if (mtime(t) == 0.0) {
|
||||||
|
/* user folder does not exist; try with a different case */
|
||||||
|
xs *lcuid = xs_tolower_i(xs_dup(uid));
|
||||||
|
xs *ulist = user_list();
|
||||||
|
xs_list *p = ulist;
|
||||||
|
xs_str *v;
|
||||||
|
|
||||||
|
while (xs_list_iter(&p, &v)) {
|
||||||
|
xs *v2 = xs_tolower_i(xs_dup(v));
|
||||||
|
|
||||||
|
if (strcmp(lcuid, v2) == 0) {
|
||||||
|
snac->uid = xs_dup(v);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
snac->uid = xs_str_new(uid);
|
||||||
|
|
||||||
|
if (snac->uid == NULL)
|
||||||
|
return ret;
|
||||||
|
|
||||||
|
snac->basedir = xs_fmt("%s/user/%s", srv_basedir, snac->uid);
|
||||||
|
|
||||||
cfg_file = xs_fmt("%s/user.json", snac->basedir);
|
cfg_file = xs_fmt("%s/user.json", snac->basedir);
|
||||||
|
|
||||||
|
@ -176,7 +198,7 @@ int user_open(snac *snac, const char *uid)
|
||||||
fclose(f);
|
fclose(f);
|
||||||
|
|
||||||
if (snac->key != NULL) {
|
if (snac->key != NULL) {
|
||||||
snac->actor = xs_fmt("%s/%s", srv_baseurl, uid);
|
snac->actor = xs_fmt("%s/%s", srv_baseurl, snac->uid);
|
||||||
snac->md5 = xs_md5_hex(snac->actor, strlen(snac->actor));
|
snac->md5 = xs_md5_hex(snac->actor, strlen(snac->actor));
|
||||||
|
|
||||||
/* everything is ok right now */
|
/* everything is ok right now */
|
||||||
|
|
3
snac.c
3
snac.c
|
@ -79,6 +79,9 @@ double ftime(void)
|
||||||
int validate_uid(const char *uid)
|
int validate_uid(const char *uid)
|
||||||
/* returns if uid is a valid identifier */
|
/* returns if uid is a valid identifier */
|
||||||
{
|
{
|
||||||
|
if (!uid || *uid == '\0')
|
||||||
|
return 0;
|
||||||
|
|
||||||
while (*uid) {
|
while (*uid) {
|
||||||
if (!(isalnum(*uid) || *uid == '_'))
|
if (!(isalnum(*uid) || *uid == '_'))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
2
utils.c
2
utils.c
|
@ -244,7 +244,7 @@ int adduser(const char *uid)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (user_open(&snac, uid)) {
|
if (user_open(&snac, uid)) {
|
||||||
printf("ERROR: user '%s' already exists\n", uid);
|
printf("ERROR: user '%s' already exists\n", snac.uid);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
29
webfinger.c
29
webfinger.c
|
@ -4,6 +4,7 @@
|
||||||
#include "xs.h"
|
#include "xs.h"
|
||||||
#include "xs_json.h"
|
#include "xs_json.h"
|
||||||
#include "xs_curl.h"
|
#include "xs_curl.h"
|
||||||
|
#include "xs_mime.h"
|
||||||
|
|
||||||
#include "snac.h"
|
#include "snac.h"
|
||||||
|
|
||||||
|
@ -128,20 +129,11 @@ int webfinger_get_handler(xs_dict *req, char *q_path,
|
||||||
|
|
||||||
if (xs_startswith(resource, "https:/" "/")) {
|
if (xs_startswith(resource, "https:/" "/")) {
|
||||||
/* actor search: find a user with this actor */
|
/* actor search: find a user with this actor */
|
||||||
xs *list = user_list();
|
xs *l = xs_split(resource, "/");
|
||||||
char *p, *uid;
|
char *uid = xs_list_get(l, -1);
|
||||||
|
|
||||||
p = list;
|
if (uid)
|
||||||
while (xs_list_iter(&p, &uid)) {
|
found = user_open(&snac, uid);
|
||||||
if (user_open(&snac, uid)) {
|
|
||||||
if (strcmp(snac.actor, resource) == 0) {
|
|
||||||
found = 1;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
user_free(&snac);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
if (xs_startswith(resource, "acct:")) {
|
if (xs_startswith(resource, "acct:")) {
|
||||||
|
@ -180,6 +172,17 @@ int webfinger_get_handler(xs_dict *req, char *q_path,
|
||||||
|
|
||||||
links = xs_list_append(links, aaj);
|
links = xs_list_append(links, aaj);
|
||||||
|
|
||||||
|
char *avatar = xs_dict_get(snac.config, "avatar");
|
||||||
|
if (!xs_is_null(avatar) && *avatar) {
|
||||||
|
xs *d = xs_dict_new();
|
||||||
|
|
||||||
|
d = xs_dict_append(d, "rel", "http:/" "/webfinger.net/rel/avatar");
|
||||||
|
d = xs_dict_append(d, "type", xs_mime_by_ext(avatar));
|
||||||
|
d = xs_dict_append(d, "href", avatar);
|
||||||
|
|
||||||
|
links = xs_list_append(links, d);
|
||||||
|
}
|
||||||
|
|
||||||
obj = xs_dict_append(obj, "subject", acct);
|
obj = xs_dict_append(obj, "subject", acct);
|
||||||
obj = xs_dict_append(obj, "links", links);
|
obj = xs_dict_append(obj, "links", links);
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue