From 4cae391ecf4650f418c96b93613bccef27c8935a Mon Sep 17 00:00:00 2001 From: Patrick Cloke Date: Mon, 21 Dec 2020 10:03:47 -0500 Subject: [PATCH 1/4] Return a missing params error from the sentToDevice API. --- synapse/rest/client/v2_alpha/sendtodevice.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/synapse/rest/client/v2_alpha/sendtodevice.py b/synapse/rest/client/v2_alpha/sendtodevice.py index bc4f43639a7e..a3dee14ed4a6 100644 --- a/synapse/rest/client/v2_alpha/sendtodevice.py +++ b/synapse/rest/client/v2_alpha/sendtodevice.py @@ -17,7 +17,7 @@ from typing import Tuple from synapse.http import servlet -from synapse.http.servlet import parse_json_object_from_request +from synapse.http.servlet import assert_params_in_dict, parse_json_object_from_request from synapse.logging.opentracing import set_tag, trace from synapse.rest.client.transactions import HttpTransactionCache @@ -54,6 +54,7 @@ async def _put(self, request, message_type, txn_id): requester = await self.auth.get_user_by_req(request, allow_guest=True) content = parse_json_object_from_request(request) + assert_params_in_dict(content, ("messages",)) sender_user_id = requester.user.to_string() From 531910859efe4f0400480f1ced3f067d21a557d2 Mon Sep 17 00:00:00 2001 From: Patrick Cloke Date: Mon, 21 Dec 2020 10:06:09 -0500 Subject: [PATCH 2/4] Add a newsfragment. --- changelog.d/8975.bugfix | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/8975.bugfix diff --git a/changelog.d/8975.bugfix b/changelog.d/8975.bugfix new file mode 100644 index 000000000000..75049b8e18b9 --- /dev/null +++ b/changelog.d/8975.bugfix @@ -0,0 +1 @@ +Add validation to the `sendToDevice` API to raise a missing parameters error instead of a 500 error. From 3d9832922392d7dfafb27fe15053e6593ee8e792 Mon Sep 17 00:00:00 2001 From: Patrick Cloke Date: Tue, 29 Dec 2020 08:15:55 -0500 Subject: [PATCH 3/4] Do not require messages, but no-op if it is not available. --- synapse/rest/client/v2_alpha/sendtodevice.py | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/synapse/rest/client/v2_alpha/sendtodevice.py b/synapse/rest/client/v2_alpha/sendtodevice.py index a3dee14ed4a6..9f9c797ed3fe 100644 --- a/synapse/rest/client/v2_alpha/sendtodevice.py +++ b/synapse/rest/client/v2_alpha/sendtodevice.py @@ -14,10 +14,9 @@ # limitations under the License. import logging -from typing import Tuple from synapse.http import servlet -from synapse.http.servlet import assert_params_in_dict, parse_json_object_from_request +from synapse.http.servlet import parse_json_object_from_request from synapse.logging.opentracing import set_tag, trace from synapse.rest.client.transactions import HttpTransactionCache @@ -54,16 +53,18 @@ async def _put(self, request, message_type, txn_id): requester = await self.auth.get_user_by_req(request, allow_guest=True) content = parse_json_object_from_request(request) - assert_params_in_dict(content, ("messages",)) - sender_user_id = requester.user.to_string() + # Messages is optional, but there is nothing for the server to do if it + # is not provided (or is empty). + messages = content.get("messages") + if messages: + sender_user_id = requester.user.to_string() - await self.device_message_handler.send_device_message( - sender_user_id, message_type, content["messages"] - ) + await self.device_message_handler.send_device_message( + sender_user_id, message_type, messages + ) - response = (200, {}) # type: Tuple[int, dict] - return response + return 200, {} def register_servlets(hs, http_server): From ee017da993c32c552427b1f3d9f1db8e372bfa13 Mon Sep 17 00:00:00 2001 From: Patrick Cloke Date: Tue, 29 Dec 2020 11:43:13 -0500 Subject: [PATCH 4/4] Revert "Do not require messages, but no-op if it is not available." This was determined to be a spec bug. This reverts commit 3d9832922392d7dfafb27fe15053e6593ee8e792. --- synapse/rest/client/v2_alpha/sendtodevice.py | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/synapse/rest/client/v2_alpha/sendtodevice.py b/synapse/rest/client/v2_alpha/sendtodevice.py index 9f9c797ed3fe..a3dee14ed4a6 100644 --- a/synapse/rest/client/v2_alpha/sendtodevice.py +++ b/synapse/rest/client/v2_alpha/sendtodevice.py @@ -14,9 +14,10 @@ # limitations under the License. import logging +from typing import Tuple from synapse.http import servlet -from synapse.http.servlet import parse_json_object_from_request +from synapse.http.servlet import assert_params_in_dict, parse_json_object_from_request from synapse.logging.opentracing import set_tag, trace from synapse.rest.client.transactions import HttpTransactionCache @@ -53,18 +54,16 @@ async def _put(self, request, message_type, txn_id): requester = await self.auth.get_user_by_req(request, allow_guest=True) content = parse_json_object_from_request(request) + assert_params_in_dict(content, ("messages",)) - # Messages is optional, but there is nothing for the server to do if it - # is not provided (or is empty). - messages = content.get("messages") - if messages: - sender_user_id = requester.user.to_string() + sender_user_id = requester.user.to_string() - await self.device_message_handler.send_device_message( - sender_user_id, message_type, messages - ) + await self.device_message_handler.send_device_message( + sender_user_id, message_type, content["messages"] + ) - return 200, {} + response = (200, {}) # type: Tuple[int, dict] + return response def register_servlets(hs, http_server):