mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2024-12-27 06:39:25 -05:00
Only assert valid next_link params when provided (#8417)
Broken in https://github.com/matrix-org/synapse/pull/8275 and has yet to be put in a release. Fixes https://github.com/matrix-org/synapse/issues/8418. `next_link` is an optional parameter. However, we were checking whether the `next_link` param was valid, even if it wasn't provided. In that case, `next_link` was `None`, which would clearly not be a valid URL. This would prevent password reset and other operations if `next_link` was not provided, and the `next_link_domain_whitelist` config option was set.
This commit is contained in:
parent
866c84da8d
commit
1c6b8752b8
1
changelog.d/8417.feature
Normal file
1
changelog.d/8417.feature
Normal file
@ -0,0 +1 @@
|
|||||||
|
Add a config option to specify a whitelist of domains that a user can be redirected to after validating their email or phone number.
|
@ -103,6 +103,7 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
|
|||||||
Codes.THREEPID_DENIED,
|
Codes.THREEPID_DENIED,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if next_link:
|
||||||
# Raise if the provided next_link value isn't valid
|
# Raise if the provided next_link value isn't valid
|
||||||
assert_valid_next_link(self.hs, next_link)
|
assert_valid_next_link(self.hs, next_link)
|
||||||
|
|
||||||
@ -379,6 +380,7 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
|
|||||||
Codes.THREEPID_DENIED,
|
Codes.THREEPID_DENIED,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if next_link:
|
||||||
# Raise if the provided next_link value isn't valid
|
# Raise if the provided next_link value isn't valid
|
||||||
assert_valid_next_link(self.hs, next_link)
|
assert_valid_next_link(self.hs, next_link)
|
||||||
|
|
||||||
@ -453,6 +455,7 @@ class MsisdnThreepidRequestTokenRestServlet(RestServlet):
|
|||||||
Codes.THREEPID_DENIED,
|
Codes.THREEPID_DENIED,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if next_link:
|
||||||
# Raise if the provided next_link value isn't valid
|
# Raise if the provided next_link value isn't valid
|
||||||
assert_valid_next_link(self.hs, next_link)
|
assert_valid_next_link(self.hs, next_link)
|
||||||
|
|
||||||
|
@ -732,6 +732,12 @@ class ThreepidEmailRestTestCase(unittest.HomeserverTestCase):
|
|||||||
@override_config({"next_link_domain_whitelist": ["example.com", "example.org"]})
|
@override_config({"next_link_domain_whitelist": ["example.com", "example.org"]})
|
||||||
def test_next_link_domain_whitelist(self):
|
def test_next_link_domain_whitelist(self):
|
||||||
"""Tests next_link parameters must fit the whitelist if provided"""
|
"""Tests next_link parameters must fit the whitelist if provided"""
|
||||||
|
|
||||||
|
# Ensure not providing a next_link parameter still works
|
||||||
|
self._request_token(
|
||||||
|
"something@example.com", "some_secret", next_link=None, expect_code=200,
|
||||||
|
)
|
||||||
|
|
||||||
self._request_token(
|
self._request_token(
|
||||||
"something@example.com",
|
"something@example.com",
|
||||||
"some_secret",
|
"some_secret",
|
||||||
|
Loading…
Reference in New Issue
Block a user