-
Notifications
You must be signed in to change notification settings - Fork 221
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Optional whitespace support in Authorization (#1350) #17145
Conversation
Concerning the CLA has no issue with signing it but would prefer to do it only if/when the PR is ready to be merged. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As the spec mentions RFC7235 explicitly for the format of the Authorization
header's value, it seems that we should indeed attempt to follow it.
We need to be careful with being more lax than the spec, lest other homeserver implementations start to rely on Synapse's behaviour, and then fail when they encounter other homeservers that follow the spec to the letter.
- Added the
X-Matrix
part to the regex^X-Matrix\s+
to make more clear what it's doing. Added it as insensitive to lower probability of issues, but since it was not checking theX-Matrix
part before it could create issues.
Note that we already check that the value of Authorization
starts with X-Matrix
(case-sensitive) here:
if auth.startswith(b"X-Matrix"): |
Thus the case-insensitivity here won't apply unless we also make that check case-insensitive. However, as the spec doesn't allow X-Matrix
to be lowercase, I think we should keep the check case-sensitive.
- On the whitespace handling of this part replaced
+
with\s+
since the parsing appear to be more lax than the spec (which if I understand correctly mandate only one space, cf1*SP
)
RFC5234 defines SP
as %x20
, aka hexadecimal 20
, or simply
. Therefore \s
, which matches any whitespace character, is not the same. Indeed, RFC7235 mandates 1*SP
.
I also think that the spec should be updated to mention in its summary of RFC7235 that spaces and tabs are allowed around commas. This would help prevent implementations from drifting apart. I don't currently see a relevant issue. I can open one, unless you'd like to.
77711ee
to
4bce0e2
Compare
Hey,
I'll let you tackle this one, maybe next time :). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code looks good to me. Spec issue written up at matrix-org/matrix-spec#1817.
Had the notif for the failed test will add the changelog later today. |
Before merging, I've just made a call out out to others to ask if anyone has any concerns with this change accidentally introducing incompatibilities. |
Initial reactions are positive. I've made a PR to the spec to add a note about the whitespace to the summary: matrix-org/matrix-spec#1818 |
No significant changes since 1.108.0rc1. - Add a feature that allows clients to query the configured federation whitelist. Disabled by default. ([\#16848](element-hq/synapse#16848), [\#17199](element-hq/synapse#17199)) - Add the ability to allow numeric user IDs with a specific prefix when in the CAS flow. Contributed by Aurélien Grimpard. ([\#17098](element-hq/synapse#17098)) - Fix bug where push rules would be empty in `/sync` for some accounts. Introduced in v1.93.0. ([\#17142](element-hq/synapse#17142)) - Add support for optional whitespace around the Federation API's `Authorization` header's parameter commas. ([\#17145](element-hq/synapse#17145)) - Fix bug where disabling room publication prevented public rooms being created on workers. ([\#17177](element-hq/synapse#17177), [\#17184](element-hq/synapse#17184)) - Document [`/v1/make_knock`](https://spec.matrix.org/v1.10/server-server-api/#get_matrixfederationv1make_knockroomiduserid) and [`/v1/send_knock/`](https://spec.matrix.org/v1.10/server-server-api/#put_matrixfederationv1send_knockroomideventid) federation endpoints as worker-compatible. ([\#17058](element-hq/synapse#17058)) - Update User Admin API with note about prefixing OIDC external_id providers. ([\#17139](element-hq/synapse#17139)) - Clarify the state of the created room when using the `autocreate_auto_join_room_preset` config option. ([\#17150](element-hq/synapse#17150)) - Update the Admin FAQ with the current libjemalloc version for latest Debian stable. Additionally update the name of the "push_rules" stream in the Workers documentation. ([\#17171](element-hq/synapse#17171)) - Add note to reflect that [MSC3886](matrix-org/matrix-spec-proposals#3886) is closed but will remain supported for some time. ([\#17151](element-hq/synapse#17151)) - Update dependency PyO3 to 0.21. ([\#17162](element-hq/synapse#17162)) - Fixes linter errors found in PR #17147. ([\#17166](element-hq/synapse#17166)) - Bump black from 24.2.0 to 24.4.2. ([\#17170](element-hq/synapse#17170)) - Cache literal sync filter validation for performance. ([\#17186](element-hq/synapse#17186)) - Improve performance by fixing a reactor pause. ([\#17192](element-hq/synapse#17192)) - Route `/make_knock` and `/send_knock` federation APIs to the federation reader worker in Complement test runs. ([\#17195](element-hq/synapse#17195)) - Prepare sync handler to be able to return different sync responses (`SyncVersion`). ([\#17200](element-hq/synapse#17200)) - Organize the sync cache key parameter outside of the sync config (separate concerns). ([\#17201](element-hq/synapse#17201)) - Refactor `SyncResultBuilder` assembly to its own function. ([\#17202](element-hq/synapse#17202)) - Rename to be obvious: `joined_rooms` -> `joined_room_ids`. ([\#17203](element-hq/synapse#17203), [\#17208](element-hq/synapse#17208)) - Add a short pause when rate-limiting a request. ([\#17210](element-hq/synapse#17210)) * Bump cryptography from 42.0.5 to 42.0.7. ([\#17180](element-hq/synapse#17180)) * Bump gitpython from 3.1.41 to 3.1.43. ([\#17181](element-hq/synapse#17181)) * Bump immutabledict from 4.1.0 to 4.2.0. ([\#17179](element-hq/synapse#17179)) * Bump sentry-sdk from 1.40.3 to 2.1.1. ([\#17178](element-hq/synapse#17178)) * Bump serde from 1.0.200 to 1.0.201. ([\#17183](element-hq/synapse#17183)) * Bump serde_json from 1.0.116 to 1.0.117. ([\#17182](element-hq/synapse#17182))
Fix #1350 by adding support for optional whitespace around
,
.Additionally,
\s
which is more lax than the spec sinceOWS
is defined as*( SP / HTAB )
X-Matrix
part to the regex^X-Matrix\s+
to make more clear what it's doing. Added it as insensitive to lower probability of issues, but since it was not checking theX-Matrix
part before it could create issues.+
with\s+
since the parsing appear to be more lax than the spec (which if I understand correctly mandate only one space, cf1*SP
)Will of course remove it if you believe it should not be included.