From 522a373c688150e473a1b386b83023705ac88519 Mon Sep 17 00:00:00 2001
From: Tulir Asokan <tulir@maunium.net>
Date: Tue, 3 Jun 2025 00:32:07 +0300
Subject: [PATCH] id: validate server names in UserID.ParseAndValidate

---
 id/userid.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/id/userid.go b/id/userid.go
index 59136013..6d9f4080 100644
--- a/id/userid.go
+++ b/id/userid.go
@@ -30,10 +30,11 @@ func NewEncodedUserID(localpart, homeserver string) UserID {
 }
 
 var (
-	ErrInvalidUserID         = errors.New("is not a valid user ID")
-	ErrNoncompliantLocalpart = errors.New("contains characters that are not allowed")
-	ErrUserIDTooLong         = errors.New("the given user ID is longer than 255 characters")
-	ErrEmptyLocalpart        = errors.New("empty localparts are not allowed")
+	ErrInvalidUserID          = errors.New("is not a valid user ID")
+	ErrNoncompliantLocalpart  = errors.New("contains characters that are not allowed")
+	ErrUserIDTooLong          = errors.New("the given user ID is longer than 255 characters")
+	ErrEmptyLocalpart         = errors.New("empty localparts are not allowed")
+	ErrNoncompliantServerPart = errors.New("is not a valid server name")
 )
 
 // ParseCommonIdentifier parses a common identifier according to https://spec.matrix.org/v1.9/appendices/#common-identifier-format
@@ -113,6 +114,9 @@ func (userID UserID) ParseAndValidate() (localpart, homeserver string, err error
 	if err == nil && len(userID) > UserIDMaxLength {
 		err = ErrUserIDTooLong
 	}
+	if err == nil && !ValidateServerName(homeserver) {
+		err = fmt.Errorf("%q %q", homeserver, ErrNoncompliantServerPart)
+	}
 	return
 }