This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Last batch of Pydantic for synapse/rest/client/account.py #13832

Merged
merged 3 commits into from
Sep 21, 2022
Merged
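--- a/changelog.d/13832.feature
+++ b/changelog.d/13832.feature
@@ -0,0 +1 @@
+Improve validation for the unspecced, internal-only `_matrix/client/unstable/add_threepid/msisdn/submit_token` endpoint.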
19 changes: 13 additions & 6 deletions synapse/rest/client/account.py
Expand Up @@ -534,6 +534,11 @@ class AddThreepidMsisdnSubmitTokenServlet(RestServlet):
"/add_threepid/msisdn/submit_token$", releases=(), unstable=True
)

class PostBody(RequestBodyModel):
client_secret: ClientSecretStr
sid: StrictStr
token: StrictStr

def __init__(self, hs: "HomeServer"):
super().__init__()
self.config = hs.config
Expand All @@ -549,16 +554,14 @@ async def on_POST(self, request: Request) -> Tuple[int, JsonDict]:
"instead.",
)

body = parse_json_object_from_request(request)
assert_params_in_dict(body, ["client_secret", "sid", "token"])
assert_valid_client_secret(body["client_secret"])
body = parse_and_validate_json_object_from_request(request, self.PostBody)

# Proxy submit_token request to msisdn threepid delegate
response = await self.identity_handler.proxy_msisdn_submit_token(
self.config.registration.account_threepid_delegate_msisdn,
body["client_secret"],
body["sid"],
body["token"],
body.client_secret,
body.sid,
body.token,
)
return 200, response

Expand All @@ -581,6 +584,10 @@ async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:

return 200, {"threepids": threepids}

# NOTE(dmr): I have chosen not to use Pydantic to parse this request's body, because
# the endpoint is deprecated. (If you really want to, you could do this by reusing
# ThreePidBindRestServelet.PostBody with an `alias_generator` to handle
# `threePidCreds` versus `three_pid_creds`.
Comment on lines +587 to +590
Contributor


For breadcrumbs, see #13690.

async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
if not self.hs.config.registration.enable_3pid_changes:
raise SynapseError(
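Review bot: In the new `PostBody` model, `sid` and `token` are plain `StrictStr`, so an empty or arbitrarily long string still passes validation and is handed unchanged to `proxy_msisdn_submit_token`, which the inline comment says proxies the request to the msisdn threepid delegate. `client_secret` has its own `ClientSecretStr` type (definition not shown here, presumably constrained); the other two fields could be bounded as well, e.g. `sid: constr(strict=True, min_length=1, max_length=MAX_LEN)` and the same for `token`, where `MAX_LEN` is a placeholder for a limit the project chooses. Separately, the `NOTE(dmr)` comment in the last hunk never closes its opening parenthesis and spells the class `ThreePidBindRestServelet`, which is presumably `ThreePidBindRestServlet`. The bodies of both `on_POST` methods start or end outside the hunks shown, so any further validation they do is not visible here.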