Validate that the session is not modified during UI-Auth (#7068)

2025-05-02 11:26:09 -04:00 · 2020-03-26 07:39:34 -04:00 · 2020-03-26 07:39:34 -04:00 · 1c1242acba
commit 1c1242acba
parent 6ca5e56fd1
8 changed files with 117 additions and 14 deletions
--- a/synapse/rest/client/v2_alpha/devices.py
+++ b/synapse/rest/client/v2_alpha/devices.py
@ -81,7 +81,7 @@ class DeleteDevicesRestServlet(RestServlet):
        assert_params_in_dict(body, ["devices"])

        await self.auth_handler.validate_user_via_ui_auth(
-            requester, body, self.hs.get_ip_from_request(request)
+            requester, request, body, self.hs.get_ip_from_request(request),
        )

        await self.device_handler.delete_devices(
@ -127,7 +127,7 @@ class DeviceRestServlet(RestServlet):
                raise

        await self.auth_handler.validate_user_via_ui_auth(
-            requester, body, self.hs.get_ip_from_request(request)
+            requester, request, body, self.hs.get_ip_from_request(request),
        )

        await self.device_handler.delete_device(requester.user.to_string(), device_id)