Raise a SynapseError if the authorisation header is missing or malformed

Mark Haines 2014-10-13 15:53:18 +01:00
parent 75e517a2da
commit 25d80f35f1
2 changed files with 31 additions and 19 deletions


@ -211,36 +211,44 @@ class TransportLayer(object):
if request.method == "PUT": if request.method == "PUT":
#TODO: Handle other method types? other content types? #TODO: Handle other method types? other content types?
content_bytes = request.content.read() try:
content = json.loads(content_bytes) content_bytes = request.content.read()
json_request["content"] = content content = json.loads(content_bytes)
json_request["content"] = content
except:
raise SynapseError(400, "Unable to parse JSON", Codes.BAD_JSON)
def parse_auth_header(header_str): def parse_auth_header(header_str):
params = auth.split(" ")[1].split(",") try:
param_dict = dict(kv.split("=") for kv in params) params = auth.split(" ")[1].split(",")
def strip_quotes(value): param_dict = dict(kv.split("=") for kv in params)
if value.startswith("\""): def strip_quotes(value):
return value[1:-1] if value.startswith("\""):
else: return value[1:-1]
return value else:
origin = strip_quotes(param_dict["origin"]) return value
key = strip_quotes(param_dict["key"]) origin = strip_quotes(param_dict["origin"])
sig = strip_quotes(param_dict["sig"]) key = strip_quotes(param_dict["key"])
return (origin, key, sig) sig = strip_quotes(param_dict["sig"])
return (origin, key, sig)
except:
raise SynapseError(
400, "Malformed Authorization Header", Codes.FORBIDDEN
)
auth_headers = request.requestHeaders.getRawHeaders(b"Authorization") auth_headers = request.requestHeaders.getRawHeaders(b"Authorization")
if not auth_headers:
raise SynapseError(
401, "Missing Authorization headers", Codes.FORBIDDEN,
)
for auth in auth_headers: for auth in auth_headers:
if auth.startswith("X-Matrix"): if auth.startswith("X-Matrix"):
(origin, key, sig) = parse_auth_header(auth) (origin, key, sig) = parse_auth_header(auth)
json_request["origin"] = origin json_request["origin"] = origin
json_request["signatures"].setdefault(origin,{})[key] = sig json_request["signatures"].setdefault(origin,{})[key] = sig
if not json_request["signatures"]:
raise SynapseError(
401, "Missing Authorization headers", Codes.FORBIDDEN,
)
yield self.keyring.verify_json_for_server(origin, json_request) yield self.keyring.verify_json_for_server(origin, json_request)
defer.returnValue((origin, content)) defer.returnValue((origin, content))
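Review bot: Both added `except:` clauses are bare, so in the PUT branch and in parse_auth_header any exception, including programming errors unrelated to the input, is reported to the caller as a 400; narrowing them to `except ValueError:` for the JSON parse and `except (IndexError, KeyError, ValueError):` for the header parse keeps the malformed-input handling without masking other failures. parse_auth_header also still reads the loop variable `auth` from the enclosing scope instead of its own `header_str` parameter, so `params = header_str.split(" ")[1].split(",")` would make it depend only on its argument. After the loop `origin` holds the value from the last X-Matrix header, while signatures from every such header are collected, so a short comment such as `# origin is taken from the last X-Matrix header` (or rejecting mixed origins) would make the verification input explicit. The enclosing method begins outside the hunk.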


@ -79,6 +79,10 @@ class MockHttpResource(HttpServer):
mock_request.method = http_method mock_request.method = http_method
mock_request.uri = path mock_request.uri = path
mock_request.requestHeaders.getRawHeaders.return_value=[
"X-Matrix origin=test,key=,sig="
]
# return the right path if the event requires it # return the right path if the event requires it
mock_request.path = path mock_request.path = path
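Review bot: The default header added here has no comment explaining why `key` and `sig` are empty, and as a fixed `return_value` it means requests built by this mock never reach the new missing or malformed header branches. A comment such as `# default X-Matrix header so federation requests pass the Authorization presence check` would record the intent. Tests for the 400 and 401 paths would need to override `getRawHeaders.return_value`, which is not visible in this hunk. The enclosing method starts and ends outside the hunk.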