0
0
Fork 1
mirror of https://mau.dev/maunium/synapse.git synced 2024-12-14 14:03:54 +01:00

Raise a SynapseError if the authorisation header is missing or malformed

This commit is contained in:
Mark Haines 2014-10-13 15:53:18 +01:00
parent 75e517a2da
commit 25d80f35f1
2 changed files with 31 additions and 19 deletions

View file

@ -211,36 +211,44 @@ class TransportLayer(object):
if request.method == "PUT":
#TODO: Handle other method types? other content types?
content_bytes = request.content.read()
content = json.loads(content_bytes)
json_request["content"] = content
try:
content_bytes = request.content.read()
content = json.loads(content_bytes)
json_request["content"] = content
except:
raise SynapseError(400, "Unable to parse JSON", Codes.BAD_JSON)
def parse_auth_header(header_str):
params = auth.split(" ")[1].split(",")
param_dict = dict(kv.split("=") for kv in params)
def strip_quotes(value):
if value.startswith("\""):
return value[1:-1]
else:
return value
origin = strip_quotes(param_dict["origin"])
key = strip_quotes(param_dict["key"])
sig = strip_quotes(param_dict["sig"])
return (origin, key, sig)
try:
params = auth.split(" ")[1].split(",")
param_dict = dict(kv.split("=") for kv in params)
def strip_quotes(value):
if value.startswith("\""):
return value[1:-1]
else:
return value
origin = strip_quotes(param_dict["origin"])
key = strip_quotes(param_dict["key"])
sig = strip_quotes(param_dict["sig"])
return (origin, key, sig)
except:
raise SynapseError(
400, "Malformed Authorization Header", Codes.FORBIDDEN
)
auth_headers = request.requestHeaders.getRawHeaders(b"Authorization")
if not auth_headers:
raise SynapseError(
401, "Missing Authorization headers", Codes.FORBIDDEN,
)
for auth in auth_headers:
if auth.startswith("X-Matrix"):
(origin, key, sig) = parse_auth_header(auth)
json_request["origin"] = origin
json_request["signatures"].setdefault(origin,{})[key] = sig
if not json_request["signatures"]:
raise SynapseError(
401, "Missing Authorization headers", Codes.FORBIDDEN,
)
yield self.keyring.verify_json_for_server(origin, json_request)
defer.returnValue((origin, content))

View file

@ -79,6 +79,10 @@ class MockHttpResource(HttpServer):
mock_request.method = http_method
mock_request.uri = path
mock_request.requestHeaders.getRawHeaders.return_value=[
"X-Matrix origin=test,key=,sig="
]
# return the right path if the event requires it
mock_request.path = path