Don't allow creating users which user name strings only differ in case.

This commit is contained in:
default 2023-10-13 06:33:12 +02:00
parent e127269a4a
commit 253e7f9eaa
5 changed files with 47 additions and 19 deletions

View file

@ -53,4 +53,4 @@ snac.o: snac.c xs.h xs_io.h xs_unicode.h xs_json.h xs_curl.h xs_openssl.h \
upgrade.o: upgrade.c xs.h xs_io.h xs_json.h xs_glob.h snac.h
utils.o: utils.c xs.h xs_io.h xs_json.h xs_time.h xs_openssl.h \
xs_random.h snac.h
webfinger.o: webfinger.c xs.h xs_json.h xs_curl.h snac.h
webfinger.o: webfinger.c xs.h xs_json.h xs_curl.h xs_mime.h snac.h

28
data.c
View file

@ -154,12 +154,34 @@ int user_open(snac *snac, const char *uid)
memset(snac, '\0', sizeof(struct _snac));
if (validate_uid(uid)) {
xs *cfg_file;
xs *cfg_file = NULL;
FILE *f;
xs *t = xs_fmt("%s/user/%s", srv_basedir, uid);
if (mtime(t) == 0.0) {
/* user folder does not exist; try with a different case */
xs *lcuid = xs_tolower_i(xs_dup(uid));
xs *ulist = user_list();
xs_list *p = ulist;
xs_str *v;
while (xs_list_iter(&p, &v)) {
xs *v2 = xs_tolower_i(xs_dup(v));
if (strcmp(lcuid, v2) == 0) {
snac->uid = xs_dup(v);
break;
}
}
}
else
snac->uid = xs_str_new(uid);
snac->basedir = xs_fmt("%s/user/%s", srv_basedir, uid);
if (snac->uid == NULL)
return ret;
snac->basedir = xs_fmt("%s/user/%s", srv_basedir, snac->uid);
cfg_file = xs_fmt("%s/user.json", snac->basedir);
@ -176,7 +198,7 @@ int user_open(snac *snac, const char *uid)
fclose(f);
if (snac->key != NULL) {
snac->actor = xs_fmt("%s/%s", srv_baseurl, uid);
snac->actor = xs_fmt("%s/%s", srv_baseurl, snac->uid);
snac->md5 = xs_md5_hex(snac->actor, strlen(snac->actor));
/* everything is ok right now */

3
snac.c
View file

@ -79,6 +79,9 @@ double ftime(void)
int validate_uid(const char *uid)
/* returns if uid is a valid identifier */
{
if (!uid || *uid == '\0')
return 0;
while (*uid) {
if (!(isalnum(*uid) || *uid == '_'))
return 0;

View file

@ -244,7 +244,7 @@ int adduser(const char *uid)
}
if (user_open(&snac, uid)) {
printf("ERROR: user '%s' already exists\n", uid);
printf("ERROR: user '%s' already exists\n", snac.uid);
return 1;
}

View file

@ -4,6 +4,7 @@
#include "xs.h"
#include "xs_json.h"
#include "xs_curl.h"
#include "xs_mime.h"
#include "snac.h"
@ -128,20 +129,11 @@ int webfinger_get_handler(xs_dict *req, char *q_path,
if (xs_startswith(resource, "https:/" "/")) {
/* actor search: find a user with this actor */
xs *list = user_list();
char *p, *uid;
xs *l = xs_split(resource, "/");
char *uid = xs_list_get(l, -1);
p = list;
while (xs_list_iter(&p, &uid)) {
if (user_open(&snac, uid)) {
if (strcmp(snac.actor, resource) == 0) {
found = 1;
break;
}
user_free(&snac);
}
}
if (uid)
found = user_open(&snac, uid);
}
else
if (xs_startswith(resource, "acct:")) {
@ -180,6 +172,17 @@ int webfinger_get_handler(xs_dict *req, char *q_path,
links = xs_list_append(links, aaj);
char *avatar = xs_dict_get(snac.config, "avatar");
if (!xs_is_null(avatar) && *avatar) {
xs *d = xs_dict_new();
d = xs_dict_append(d, "rel", "http:/" "/webfinger.net/rel/avatar");
d = xs_dict_append(d, "type", xs_mime_by_ext(avatar));
d = xs_dict_append(d, "href", avatar);
links = xs_list_append(links, d);
}
obj = xs_dict_append(obj, "subject", acct);
obj = xs_dict_append(obj, "links", links);