mirror of
https://gitlab.com/famedly/conduit.git
synced 2024-11-09 06:21:06 +01:00
Return proper error in case of invalid UTF-8 in json_body
json_body is used in places that need authentication. In case an unknown field is set, Ruma doesn't parse the field and so doesn't give an error on invalid UTF-8. But Conduit has parsed and on error makes json_body None. Return an error to the client instead of generating an internal error.
This commit is contained in:
parent
cc9111059d
commit
699f77671f
3 changed files with 53 additions and 49 deletions
|
@ -157,15 +157,19 @@ pub async fn register_route(
|
||||||
}
|
}
|
||||||
// Success!
|
// Success!
|
||||||
} else {
|
} else {
|
||||||
|
if let Some(json) = body.json_body {
|
||||||
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
|
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
|
||||||
db.uiaa.create(
|
db.uiaa.create(
|
||||||
&UserId::parse_with_server_name("", db.globals.server_name())
|
&UserId::parse_with_server_name("", db.globals.server_name())
|
||||||
.expect("we know this is valid"),
|
.expect("we know this is valid"),
|
||||||
"".into(),
|
"".into(),
|
||||||
&uiaainfo,
|
&uiaainfo,
|
||||||
&body.json_body.expect("body is json"),
|
&json,
|
||||||
)?;
|
)?;
|
||||||
return Err(Error::Uiaa(uiaainfo));
|
return Err(Error::Uiaa(uiaainfo));
|
||||||
|
} else {
|
||||||
|
return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -526,14 +530,14 @@ pub async fn change_password_route(
|
||||||
}
|
}
|
||||||
// Success!
|
// Success!
|
||||||
} else {
|
} else {
|
||||||
|
if let Some(json) = body.json_body {
|
||||||
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
|
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
|
||||||
db.uiaa.create(
|
db.uiaa
|
||||||
&sender_user,
|
.create(&sender_user, &sender_device, &uiaainfo, &json)?;
|
||||||
&sender_device,
|
|
||||||
&uiaainfo,
|
|
||||||
&body.json_body.expect("body is json"),
|
|
||||||
)?;
|
|
||||||
return Err(Error::Uiaa(uiaainfo));
|
return Err(Error::Uiaa(uiaainfo));
|
||||||
|
} else {
|
||||||
|
return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
db.users
|
db.users
|
||||||
|
@ -618,14 +622,14 @@ pub async fn deactivate_route(
|
||||||
}
|
}
|
||||||
// Success!
|
// Success!
|
||||||
} else {
|
} else {
|
||||||
|
if let Some(json) = body.json_body {
|
||||||
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
|
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
|
||||||
db.uiaa.create(
|
db.uiaa
|
||||||
&sender_user,
|
.create(&sender_user, &sender_device, &uiaainfo, &json)?;
|
||||||
&sender_device,
|
|
||||||
&uiaainfo,
|
|
||||||
&body.json_body.expect("body is json"),
|
|
||||||
)?;
|
|
||||||
return Err(Error::Uiaa(uiaainfo));
|
return Err(Error::Uiaa(uiaainfo));
|
||||||
|
} else {
|
||||||
|
return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Leave all joined rooms and reject all invitations
|
// Leave all joined rooms and reject all invitations
|
||||||
|
|
|
@ -116,14 +116,14 @@ pub async fn delete_device_route(
|
||||||
}
|
}
|
||||||
// Success!
|
// Success!
|
||||||
} else {
|
} else {
|
||||||
|
if let Some(json) = body.json_body {
|
||||||
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
|
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
|
||||||
db.uiaa.create(
|
db.uiaa
|
||||||
&sender_user,
|
.create(&sender_user, &sender_device, &uiaainfo, &json)?;
|
||||||
&sender_device,
|
|
||||||
&uiaainfo,
|
|
||||||
&body.json_body.expect("body is json"),
|
|
||||||
)?;
|
|
||||||
return Err(Error::Uiaa(uiaainfo));
|
return Err(Error::Uiaa(uiaainfo));
|
||||||
|
} else {
|
||||||
|
return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
db.users.remove_device(&sender_user, &body.device_id)?;
|
db.users.remove_device(&sender_user, &body.device_id)?;
|
||||||
|
@ -170,14 +170,14 @@ pub async fn delete_devices_route(
|
||||||
}
|
}
|
||||||
// Success!
|
// Success!
|
||||||
} else {
|
} else {
|
||||||
|
if let Some(json) = body.json_body {
|
||||||
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
|
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
|
||||||
db.uiaa.create(
|
db.uiaa
|
||||||
&sender_user,
|
.create(&sender_user, &sender_device, &uiaainfo, &json)?;
|
||||||
&sender_device,
|
|
||||||
&uiaainfo,
|
|
||||||
&body.json_body.expect("body is json"),
|
|
||||||
)?;
|
|
||||||
return Err(Error::Uiaa(uiaainfo));
|
return Err(Error::Uiaa(uiaainfo));
|
||||||
|
} else {
|
||||||
|
return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
for device_id in &body.devices {
|
for device_id in &body.devices {
|
||||||
|
|
|
@ -145,14 +145,14 @@ pub async fn upload_signing_keys_route(
|
||||||
}
|
}
|
||||||
// Success!
|
// Success!
|
||||||
} else {
|
} else {
|
||||||
|
if let Some(json) = body.json_body {
|
||||||
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
|
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
|
||||||
db.uiaa.create(
|
db.uiaa
|
||||||
&sender_user,
|
.create(&sender_user, &sender_device, &uiaainfo, &json)?;
|
||||||
&sender_device,
|
|
||||||
&uiaainfo,
|
|
||||||
&body.json_body.expect("body is json"),
|
|
||||||
)?;
|
|
||||||
return Err(Error::Uiaa(uiaainfo));
|
return Err(Error::Uiaa(uiaainfo));
|
||||||
|
} else {
|
||||||
|
return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if let Some(master_key) = &body.master_key {
|
if let Some(master_key) = &body.master_key {
|
||||||
|
|
Loading…
Reference in a new issue