mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2025-05-02 22:14:55 -04:00
Sanity check identity server passed to bind/unbind. (#9802)
Signed-off-by: Denis Kasak <dkasak@termina.org.uk>
This commit is contained in:
Denis Kasak
GitHub
parent
2b7dd21655
commit
e694a598f8
3 changed files with 59 additions and 3 deletions
|
|
@ -15,7 +15,6 @@
|
|||
# limitations under the License.
|
||||
|
||||
"""Utilities for interacting with Identity Servers"""
|
||||
|
||||
import logging
|
||||
import urllib.parse
|
||||
from typing import Awaitable, Callable, Dict, List, Optional, Tuple
|
||||
|
|
@ -34,7 +33,11 @@ from synapse.http.site import SynapseRequest
|
|||
from synapse.types import JsonDict, Requester
|
||||
from synapse.util import json_decoder
|
||||
from synapse.util.hash import sha256_and_url_safe_base64
|
||||
from synapse.util.stringutils import assert_valid_client_secret, random_string
|
||||
from synapse.util.stringutils import (
|
||||
assert_valid_client_secret,
|
||||
random_string,
|
||||
valid_id_server_location,
|
||||
)
|
||||
|
||||
from ._base import BaseHandler
|
||||
|
||||
|
|
@ -172,6 +175,11 @@ class IdentityHandler(BaseHandler):
|
|||
server with, if necessary. Required if use_v2 is true
|
||||
use_v2: Whether to use v2 Identity Service API endpoints. Defaults to True
|
||||
|
||||
Raises:
|
||||
SynapseError: On any of the following conditions
|
||||
- the supplied id_server is not a valid identity server name
|
||||
- we failed to contact the supplied identity server
|
||||
|
||||
Returns:
|
||||
The response from the identity server
|
||||
"""
|
||||
|
|
@ -181,6 +189,12 @@ class IdentityHandler(BaseHandler):
|
|||
if id_access_token is None:
|
||||
use_v2 = False
|
||||
|
||||
if not valid_id_server_location(id_server):
|
||||
raise SynapseError(
|
||||
400,
|
||||
"id_server must be a valid hostname with optional port and path components",
|
||||
)
|
||||
|
||||
# Decide which API endpoint URLs to use
|
||||
headers = {}
|
||||
bind_data = {"sid": sid, "client_secret": client_secret, "mxid": mxid}
|
||||
|
|
@ -269,12 +283,21 @@ class IdentityHandler(BaseHandler):
|
|||
id_server: Identity server to unbind from
|
||||
|
||||
Raises:
|
||||
SynapseError: If we failed to contact the identity server
|
||||
SynapseError: On any of the following conditions
|
||||
- the supplied id_server is not a valid identity server name
|
||||
- we failed to contact the supplied identity server
|
||||
|
||||
Returns:
|
||||
True on success, otherwise False if the identity
|
||||
server doesn't support unbinding
|
||||
"""
|
||||
|
||||
if not valid_id_server_location(id_server):
|
||||
raise SynapseError(
|
||||
400,
|
||||
"id_server must be a valid hostname with optional port and path components",
|
||||
)
|
||||
|
||||
url = "https://%s/_matrix/identity/api/v1/3pid/unbind" % (id_server,)
|
||||
url_bytes = "/_matrix/identity/api/v1/3pid/unbind".encode("ascii")
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue