Reject device display names that are too long (#6882)
* commit 'a92e703ab':
  Reject device display names that are too long (#6882)
anoadragon453 committed Mar 23, 2020
2 parents d83725c + a92e703 commit 1dbb430
Showing 3 changed files with 32 additions and 1 deletion.
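--- a/changelog.d/6882.misc
+++ b/changelog.d/6882.misc
@@ -0,0 +1 @@
+Reject device display names over 100 characters in length.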
14 changes: 13 additions & 1 deletion synapse/handlers/device.py
@@ -26,6 +26,7 @@
FederationDeniedError,
HttpResponseException,
RequestSendFailed,
SynapseError,
)
from synapse.logging.opentracing import log_kv, set_tag, trace
from synapse.types import RoomStreamToken, get_domain_from_id
@@ -39,6 +40,8 @@

logger = logging.getLogger(__name__)

MAX_DEVICE_DISPLAY_NAME_LEN = 100


class DeviceWorkerHandler(BaseHandler):
def __init__(self, hs):
@@ -404,9 +407,18 @@ def update_device(self, user_id, device_id, content):
defer.Deferred:
"""

# Reject a new displayname which is too long.
new_display_name = content.get("display_name")
if new_display_name and len(new_display_name) > MAX_DEVICE_DISPLAY_NAME_LEN:
raise SynapseError(
400,
"Device display name is too long (max %i)"
% (MAX_DEVICE_DISPLAY_NAME_LEN,),
)

try:
yield self.store.update_device(
user_id, device_id, new_display_name=content.get("display_name")
user_id, device_id, new_display_name=new_display_name
)
yield self.notify_device_update(user_id, [device_id])
except errors.StoreError as e:
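Review bot: The new length check in update_device assumes `display_name` is a string, but `content` is request-supplied and nothing in the hunk validates its type. A non-zero number would make `len()` raise TypeError, which likely surfaces as a 500 rather than the intended 400, and a short list or dict would pass the check and reach `self.store.update_device`. Consider adding `if new_display_name is not None and not isinstance(new_display_name, str): raise SynapseError(400, "Device display name must be a string")` ahead of the length test. The bound is also enforced only on this update path; if other code that records a display name (device creation at login, for instance, which is not visible here) skips it, oversized names can still be stored. update_device's body starts and ends outside the hunk.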
18 changes: 18 additions & 0 deletions tests/handlers/test_device.py
@@ -160,6 +160,24 @@ def test_update_device(self):
res = self.get_success(self.handler.get_device(user1, "abc"))
self.assertEqual(res["display_name"], "new display")

def test_update_device_too_long_display_name(self):
"""Update a device with a display name that is invalid (too long)."""
self._record_users()

# Request to update a device display name with a new value that is longer than allowed.
update = {
"display_name": "a"
* (synapse.handlers.device.MAX_DEVICE_DISPLAY_NAME_LEN + 1)
}
self.get_failure(
self.handler.update_device(user1, "abc", update),
synapse.api.errors.SynapseError,
)

# Ensure the display name was not updated.
res = self.get_success(self.handler.get_device(user1, "abc"))
self.assertEqual(res["display_name"], "display 2")

def test_update_unknown_device(self):
update = {"display_name": "new_display"}
res = self.handler.update_device("user_id", "unknown_device_id", update)
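Review bot: test_update_device_too_long_display_name covers only the MAX+1 case, so an off-by-one in the handler's `>` comparison would not be caught. A companion case using `"a" * synapse.handlers.device.MAX_DEVICE_DISPLAY_NAME_LEN` with `self.get_success(...)` would pin that a name of exactly the limit is still accepted. The failure assertion also checks only the exception type; asserting that the SynapseError carries code 400 would keep the client-facing status from regressing. A case with a non-string `display_name` would document how the handler treats malformed input.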
