mirror of
https://github.com/element-hq/synapse.git
synced 2024-11-24 18:45:52 +03:00
validate room alias before interacting with the room directory (#13106)
This commit is contained in:
parent
f33356e8f8
commit
d54909956e
3 changed files with 20 additions and 0 deletions
1
changelog.d/13106.bugfix
Normal file
1
changelog.d/13106.bugfix
Normal file
|
@ -0,0 +1 @@
|
|||
Fix a long-standing bug where room directory requests would cause an internal server error if given a malformed room alias.
|
|
@ -46,6 +46,8 @@ class ClientDirectoryServer(RestServlet):
|
|||
self.auth = hs.get_auth()
|
||||
|
||||
async def on_GET(self, request: Request, room_alias: str) -> Tuple[int, JsonDict]:
|
||||
if not RoomAlias.is_valid(room_alias):
|
||||
raise SynapseError(400, "Room alias invalid", errcode=Codes.INVALID_PARAM)
|
||||
room_alias_obj = RoomAlias.from_string(room_alias)
|
||||
|
||||
res = await self.directory_handler.get_association(room_alias_obj)
|
||||
|
@ -55,6 +57,8 @@ class ClientDirectoryServer(RestServlet):
|
|||
async def on_PUT(
|
||||
self, request: SynapseRequest, room_alias: str
|
||||
) -> Tuple[int, JsonDict]:
|
||||
if not RoomAlias.is_valid(room_alias):
|
||||
raise SynapseError(400, "Room alias invalid", errcode=Codes.INVALID_PARAM)
|
||||
room_alias_obj = RoomAlias.from_string(room_alias)
|
||||
|
||||
content = parse_json_object_from_request(request)
|
||||
|
@ -89,6 +93,8 @@ class ClientDirectoryServer(RestServlet):
|
|||
async def on_DELETE(
|
||||
self, request: SynapseRequest, room_alias: str
|
||||
) -> Tuple[int, JsonDict]:
|
||||
if not RoomAlias.is_valid(room_alias):
|
||||
raise SynapseError(400, "Room alias invalid", errcode=Codes.INVALID_PARAM)
|
||||
room_alias_obj = RoomAlias.from_string(room_alias)
|
||||
requester = await self.auth.get_user_by_req(request)
|
||||
|
||||
|
|
|
@ -215,6 +215,19 @@ class DirectoryTestCase(unittest.HomeserverTestCase):
|
|||
self.assertEqual(channel.code, expected_code, channel.result)
|
||||
return alias
|
||||
|
||||
def test_invalid_alias(self) -> None:
|
||||
alias = "#potato"
|
||||
channel = self.make_request(
|
||||
"GET",
|
||||
f"/_matrix/client/r0/directory/room/{alias}",
|
||||
access_token=self.user_tok,
|
||||
)
|
||||
self.assertEqual(channel.code, HTTPStatus.BAD_REQUEST, channel.result)
|
||||
self.assertIn("error", channel.json_body, channel.json_body)
|
||||
self.assertEqual(
|
||||
channel.json_body["errcode"], "M_INVALID_PARAM", channel.json_body
|
||||
)
|
||||
|
||||
def random_alias(self, length: int) -> str:
|
||||
return RoomAlias(random_string(length), self.hs.hostname).to_string()
|
||||
|
||||
|
|
Loading…
Reference in a new issue