Merge remote-tracking branch 'origin/clokep/no-validate-ui-auth-sess' into matrix-org-hotfixes
commit
5adad58d95
|
@ -317,7 +317,7 @@ class AuthHandler(BaseHandler):
|
|||
except StoreError:
|
||||
raise SynapseError(400, "Unknown session ID: %s" % (sid,))
|
||||
|
||||
if not clientdict:
|
||||
if clientdict:
|
||||
# This was designed to allow the client to omit the parameters
|
||||
# and just supply the session in subsequent calls so it split
|
||||
# auth between devices by just sharing the session, (eg. so you
|
||||
|
@ -327,6 +327,8 @@ class AuthHandler(BaseHandler):
|
|||
# on a homeserver.
|
||||
# Revisit: Assuming the REST APIs do sensible validation, the data
|
||||
# isn't arbitrary.
|
||||
await self.store.set_ui_auth_clientdict(sid, clientdict)
|
||||
else:
|
||||
clientdict = session.clientdict
|
||||
|
||||
if not authdict:
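Review bot: The `if clientdict:` branch now overwrites the stored clientdict on every request that carries a body, and nothing visible in these hunks compares it with the dict the session was opened with, so auth stages completed for one set of parameters could end up authorising a different set. The test hunk on this page skips `test_cannot_change_operation` with "This behavior is currently disabled", which suggests the relaxation is deliberate, but the handler code does not say so. I would record it at the branch, e.g. `# NOTE: clientdict is intentionally not checked against the session's original request; see <tracking issue placeholder>`, so the missing check is not forgotten. The enclosing method starts and ends outside both hunks, so a comparison elsewhere in it would not be visible here.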
|
||||
|
|
|
@ -172,6 +172,27 @@ class UIAuthWorkerStore(SQLBaseStore):
|
|||
|
||||
return results
|
||||
|
||||
async def set_ui_auth_clientdict(
|
||||
self, session_id: str, clientdict: JsonDict
|
||||
) -> None:
|
||||
"""
|
||||
Store an updated clientdict for a given session ID.
|
||||
|
||||
Args:
|
||||
session_id: The ID of this session as returned from check_auth
|
||||
clientdict:
|
||||
The dictionary from the client root level, not the 'auth' key.
|
||||
"""
|
||||
# The clientdict gets stored as JSON.
|
||||
clientdict_json = json.dumps(clientdict)
|
||||
|
||||
self.db.simple_update_one(
|
||||
table="ui_auth_sessions",
|
||||
keyvalues={"session_id": session_id},
|
||||
updatevalues={"clientdict": clientdict_json},
|
||||
desc="set_ui_auth_client_dict",
|
||||
)
|
||||
|
||||
async def set_ui_auth_session_data(self, session_id: str, key: str, value: Any):
|
||||
"""
|
||||
Store a key-value pair into the sessions data associated with this
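Review bot: `set_ui_auth_clientdict` calls `self.db.simple_update_one(...)` without awaiting or returning its result, although the handler hunk awaits this method before carrying on. If `simple_update_one` is asynchronous, as the `async def` wrapper suggests, the method returns before the row is written, and a failed update (for example an unknown `session_id`) never reaches the caller. The call should read `await self.db.simple_update_one(`. The `desc` value `set_ui_auth_client_dict` also differs from the method name; `desc="set_ui_auth_clientdict"` would keep the two spellings aligned.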
|
||||
|
|
|
@ -182,6 +182,9 @@ class FallbackAuthTests(unittest.HomeserverTestCase):
|
|||
self.render(request)
|
||||
self.assertEqual(channel.code, 403)
|
||||
|
||||
# This behavior is currently disabled.
|
||||
test_cannot_change_operation.skip = True
|
||||
|
||||
def test_complete_operation_unknown_session(self):
|
||||
"""
|
||||
Attempting to mark an invalid session as complete should error.
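Review bot: `test_cannot_change_operation.skip = True` silences the one test visible here that covers changing the operation mid-session, and `True` carries no reason, so the test report will not say why it is skipped. A reason string, e.g. `test_cannot_change_operation.skip = "clientdict validation is disabled in UI auth"`, keeps that visible in test output, ideally with a reference to the follow-up that re-enables the check. The test's body begins outside this hunk.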
|
||||
|
|