Matrix-Mirrors/synapse-product
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse-product.git synced 2024-09-16 19:32:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Handle an empty cookie as an invalid macaroon. (#9620)

Browse Source 
* Handle an empty cookie as an invalid macaroon.

* Newsfragment
This commit is contained in:
Patrick Cloke 2021-03-16 07:29:35 -04:00 committed by GitHub
parent dd69110d95
commit 1383508f29
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/9620.bugfix Normal file
View File

@ -0,0 +1 @@
Fix a bug introduced in v1.28.0 where the OpenID Connect callback endpoint could error with a `MacaroonInitException`.

3
synapse/handlers/oidc_handler.py
View File

@ -29,6 +29,7 @@ from authlib.oidc.discovery import OpenIDProviderMetadata, get_well_known_url
from jinja2 import Environment, Template from jinja2 import Environment, Template
from pymacaroons.exceptions import ( from pymacaroons.exceptions import (
MacaroonDeserializationException, MacaroonDeserializationException,
MacaroonInitException,
MacaroonInvalidSignatureException, MacaroonInvalidSignatureException,
) )
from typing_extensions import TypedDict from typing_extensions import TypedDict
@ -217,7 +218,7 @@ class OidcHandler:
session_data = self._token_generator.verify_oidc_session_token( session_data = self._token_generator.verify_oidc_session_token(
session, state session, state
) )
except (MacaroonDeserializationException, KeyError) as e: except (MacaroonInitException, MacaroonDeserializationException, KeyError) as e:
logger.exception("Invalid session for OIDC callback") logger.exception("Invalid session for OIDC callback")
self._sso_handler.render_error(request, "invalid_session", str(e)) self._sso_handler.render_error(request, "invalid_session", str(e))
return return