From 79ebfbe7c62400a2b63d67fb65b1abce29d8bf38 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <richard@matrix.org>
Date: Tue, 9 Aug 2016 16:29:28 +0100
Subject: [PATCH] /login: Respond with a 403 when we get an invalid
 m.login.token

---
 synapse/handlers/auth.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 1d3641b7a..82998a81c 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -719,14 +719,14 @@ class AuthHandler(BaseHandler):
         return macaroon.serialize()
 
     def validate_short_term_login_token_and_get_user_id(self, login_token):
+        auth_api = self.hs.get_auth()
         try:
-            auth_api = self.hs.get_auth()
             macaroon = pymacaroons.Macaroon.deserialize(login_token)
             user_id = auth_api.get_user_id_from_macaroon(macaroon)
             auth_api.validate_macaroon(macaroon, "login", True, user_id)
             return user_id
-        except (pymacaroons.exceptions.MacaroonException, TypeError, ValueError):
-            raise AuthError(401, "Invalid token", errcode=Codes.UNKNOWN_TOKEN)
+        except Exception:
+            raise AuthError(403, "Invalid token", errcode=Codes.FORBIDDEN)
 
     def _generate_base_macaroon(self, user_id):
         macaroon = pymacaroons.Macaroon(