forked from MirrorHub/synapse
Add additional validation for the admin register endpoint. (#8837)
Raise a proper 400 error if the `mac` field is missing.
This commit is contained in:
parent
e41720d85f
commit
c4675e1b24
2 changed files with 4 additions and 0 deletions
1
changelog.d/8837.bugfix
Normal file
1
changelog.d/8837.bugfix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Fix a long standing bug in the register admin endpoint (`/_synapse/admin/v1/register`) when the `mac` field was not provided. The endpoint now properly returns a 400 error. Contributed by @edwargix.
|
|
@ -420,6 +420,9 @@ class UserRegisterServlet(RestServlet):
|
||||||
if user_type is not None and user_type not in UserTypes.ALL_USER_TYPES:
|
if user_type is not None and user_type not in UserTypes.ALL_USER_TYPES:
|
||||||
raise SynapseError(400, "Invalid user type")
|
raise SynapseError(400, "Invalid user type")
|
||||||
|
|
||||||
|
if "mac" not in body:
|
||||||
|
raise SynapseError(400, "mac must be specified", errcode=Codes.BAD_JSON)
|
||||||
|
|
||||||
got_mac = body["mac"]
|
got_mac = body["mac"]
|
||||||
|
|
||||||
want_mac_builder = hmac.new(
|
want_mac_builder = hmac.new(
|
||||||
|
|
Loading…
Reference in a new issue