Use parse_json_object_from_request to parse JSON out of request bodies

Mark Haines 2016-03-11 16:41:03 +00:00
parent c081228439
commit e9c1cabac2
11 changed files with 49 additions and 90 deletions


@ -18,6 +18,7 @@ from twisted.internet import defer
from synapse.api.urls import FEDERATION_PREFIX as PREFIX from synapse.api.urls import FEDERATION_PREFIX as PREFIX
from synapse.api.errors import Codes, SynapseError from synapse.api.errors import Codes, SynapseError
from synapse.http.server import JsonResource from synapse.http.server import JsonResource
from synapse.http.servlet import parse_json_object_from_request
from synapse.util.ratelimitutils import FederationRateLimiter from synapse.util.ratelimitutils import FederationRateLimiter
import functools import functools
@ -419,8 +420,7 @@ class On3pidBindServlet(BaseFederationServlet):
@defer.inlineCallbacks @defer.inlineCallbacks
def on_POST(self, request): def on_POST(self, request):
content_bytes = request.content.read() content = parse_json_object_from_request(request)
content = json.loads(content_bytes)
if "invites" in content: if "invites" in content:
last_exception = None last_exception = None
for invite in content["invites"]: for invite in content["invites"]:


@ -128,13 +128,20 @@ def parse_json_object_from_request(request):
if it wasn't a JSON object. if it wasn't a JSON object.
""" """
try: try:
content = simplejson.loads(request.content.read()) content_bytes = request.content.read()
except:
raise SynapseError(400, "Error reading JSON content.")
try:
content = simplejson.loads(content_bytes)
except simplejson.JSONDecodeError:
raise SynapseError(400, "Content not JSON.", errcode=Codes.NOT_JSON)
if type(content) != dict: if type(content) != dict:
message = "Content must be a JSON object." message = "Content must be a JSON object."
raise SynapseError(400, message, errcode=Codes.BAD_JSON) raise SynapseError(400, message, errcode=Codes.BAD_JSON)
return content return content
except simplejson.JSONDecodeError:
raise SynapseError(400, "Content not JSON.", errcode=Codes.NOT_JSON)
class RestServlet(object): class RestServlet(object):
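Review bot: The second `try` catches only `simplejson.JSONDecodeError`, so a body that is not valid UTF-8 can, as far as I can tell, leave `simplejson.loads` as a `UnicodeDecodeError` and surface as an unhandled error instead of a 400. Several call sites converted by this commit previously used a bare `except:` that did map that case to a 400. Both exceptions derive from `ValueError`, so `except ValueError:` covers them while keeping the `Codes.NOT_JSON` response. The bare `except:` around `request.content.read()` errs the other way: `except Exception:` plus a log of the cause would avoid swallowing non-error exits and keep read failures diagnosable. The function's signature and the start of its docstring are outside the hunk.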


@ -19,9 +19,9 @@ from twisted.internet import defer
from synapse.api.errors import SynapseError, AuthError from synapse.api.errors import SynapseError, AuthError
from synapse.types import UserID from synapse.types import UserID
from synapse.http.servlet import parse_json_object_from_request
from .base import ClientV1RestServlet, client_path_patterns from .base import ClientV1RestServlet, client_path_patterns
import simplejson as json
import logging import logging
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -56,9 +56,10 @@ class PresenceStatusRestServlet(ClientV1RestServlet):
raise AuthError(403, "Can only set your own presence state") raise AuthError(403, "Can only set your own presence state")
state = {} state = {}
try:
content = json.loads(request.content.read())
content = parse_json_object_from_request(request)
try:
state["presence"] = content.pop("presence") state["presence"] = content.pop("presence")
if "status_msg" in content: if "status_msg" in content:
@ -113,11 +114,7 @@ class PresenceListRestServlet(ClientV1RestServlet):
raise SynapseError( raise SynapseError(
400, "Cannot modify another user's presence list") 400, "Cannot modify another user's presence list")
try: content = parse_json_object_from_request(request)
content = json.loads(request.content.read())
except:
logger.exception("JSON parse error")
raise SynapseError(400, "Unable to parse content")
if "invite" in content: if "invite" in content:
for u in content["invite"]: for u in content["invite"]:


@ -18,8 +18,7 @@ from twisted.internet import defer
from .base import ClientV1RestServlet, client_path_patterns from .base import ClientV1RestServlet, client_path_patterns
from synapse.types import UserID from synapse.types import UserID
from synapse.http.servlet import parse_json_object_from_request
import simplejson as json
class ProfileDisplaynameRestServlet(ClientV1RestServlet): class ProfileDisplaynameRestServlet(ClientV1RestServlet):
@ -44,8 +43,9 @@ class ProfileDisplaynameRestServlet(ClientV1RestServlet):
requester = yield self.auth.get_user_by_req(request, allow_guest=True) requester = yield self.auth.get_user_by_req(request, allow_guest=True)
user = UserID.from_string(user_id) user = UserID.from_string(user_id)
content = parse_json_object_from_request(request)
try: try:
content = json.loads(request.content.read())
new_name = content["displayname"] new_name = content["displayname"]
except: except:
defer.returnValue((400, "Unable to parse name")) defer.returnValue((400, "Unable to parse name"))
@ -81,8 +81,8 @@ class ProfileAvatarURLRestServlet(ClientV1RestServlet):
requester = yield self.auth.get_user_by_req(request) requester = yield self.auth.get_user_by_req(request)
user = UserID.from_string(user_id) user = UserID.from_string(user_id)
content = parse_json_object_from_request(request)
try: try:
content = json.loads(request.content.read())
new_name = content["avatar_url"] new_name = content["avatar_url"]
except: except:
defer.returnValue((400, "Unable to parse name")) defer.returnValue((400, "Unable to parse name"))
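Review bot: With `content` now guaranteed to be a dict by `parse_json_object_from_request`, the only failure left for `content["displayname"]` is a missing key, so the bare `except:` kept around it should narrow to `except KeyError:`. The same applies to `content["avatar_url"]` in the ProfileAvatarURLRestServlet hunk. Neither hunk checks that the value is a string before it is used as the new name, so a number or nested object is passed on unchanged as far as the visible lines show. Both handler bodies continue outside the hunks.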


@ -24,7 +24,6 @@ from synapse.types import UserID, RoomID, RoomAlias
from synapse.events.utils import serialize_event from synapse.events.utils import serialize_event
from synapse.http.servlet import parse_json_object_from_request from synapse.http.servlet import parse_json_object_from_request
import simplejson as json
import logging import logging
import urllib import urllib
@ -72,15 +71,10 @@ class RoomCreateRestServlet(ClientV1RestServlet):
defer.returnValue((200, info)) defer.returnValue((200, info))
def get_room_config(self, request): def get_room_config(self, request):
try: user_supplied_config = parse_json_object_from_request(request)
user_supplied_config = json.loads(request.content.read())
if "visibility" not in user_supplied_config:
# default visibility # default visibility
user_supplied_config["visibility"] = "public" user_supplied_config.setdefault("visibility", "public")
return user_supplied_config return user_supplied_config
except (ValueError, TypeError):
raise SynapseError(400, "Body must be JSON.",
errcode=Codes.BAD_JSON)
def on_OPTIONS(self, request): def on_OPTIONS(self, request):
return (200, {}) return (200, {})
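Review bot: `user_supplied_config.setdefault("visibility", "public")` keeps a fail-open default: a create request that omits the key is given `"public"`, and whatever value a client does send is returned from `get_room_config` unchecked. If the default is intended, the `# default visibility` comment should say so explicitly, for example `# default visibility: public unless the client asks otherwise`. Validation of the supplied value may happen in the caller, which is outside the hunk.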


@ -15,15 +15,13 @@
from ._base import client_v2_patterns from ._base import client_v2_patterns
from synapse.http.servlet import RestServlet from synapse.http.servlet import RestServlet, parse_json_object_from_request
from synapse.api.errors import AuthError, SynapseError from synapse.api.errors import AuthError
from twisted.internet import defer from twisted.internet import defer
import logging import logging
import simplejson as json
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -47,11 +45,7 @@ class AccountDataServlet(RestServlet):
if user_id != requester.user.to_string(): if user_id != requester.user.to_string():
raise AuthError(403, "Cannot add account data for other users.") raise AuthError(403, "Cannot add account data for other users.")
try: body = parse_json_object_from_request(request)
content_bytes = request.content.read()
body = json.loads(content_bytes)
except:
raise SynapseError(400, "Invalid JSON")
max_id = yield self.store.add_account_data_for_user( max_id = yield self.store.add_account_data_for_user(
user_id, account_data_type, body user_id, account_data_type, body
@ -86,14 +80,7 @@ class RoomAccountDataServlet(RestServlet):
if user_id != requester.user.to_string(): if user_id != requester.user.to_string():
raise AuthError(403, "Cannot add account data for other users.") raise AuthError(403, "Cannot add account data for other users.")
try: body = parse_json_object_from_request(request)
content_bytes = request.content.read()
body = json.loads(content_bytes)
except:
raise SynapseError(400, "Invalid JSON")
if not isinstance(body, dict):
raise ValueError("Expected a JSON object")
max_id = yield self.store.add_account_data_to_room( max_id = yield self.store.add_account_data_to_room(
user_id, room_id, account_data_type, body user_id, room_id, account_data_type, body


@ -16,12 +16,11 @@
from twisted.internet import defer from twisted.internet import defer
from synapse.api.errors import AuthError, SynapseError from synapse.api.errors import AuthError, SynapseError
from synapse.http.servlet import RestServlet from synapse.http.servlet import RestServlet, parse_json_object_from_request
from synapse.types import UserID from synapse.types import UserID
from ._base import client_v2_patterns from ._base import client_v2_patterns
import simplejson as json
import logging import logging
@ -84,12 +83,7 @@ class CreateFilterRestServlet(RestServlet):
if not self.hs.is_mine(target_user): if not self.hs.is_mine(target_user):
raise SynapseError(400, "Can only create filters for local users") raise SynapseError(400, "Can only create filters for local users")
try: content = parse_json_object_from_request(request)
content = json.loads(request.content.read())
# TODO(paul): check for required keys and invalid keys
except:
raise SynapseError(400, "Invalid filter definition")
filter_id = yield self.filtering.add_user_filter( filter_id = yield self.filtering.add_user_filter(
user_localpart=target_user.localpart, user_localpart=target_user.localpart,
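Review bot: The `# TODO(paul): check for required keys and invalid keys` comment is dropped together with the old `try` block in CreateFilterRestServlet, but nothing visible replaces the check it asks for. `parse_json_object_from_request` only guarantees that the body is a JSON object, and `content` is presumably still handed to `add_user_filter` as received. The reminder should stay directly above the new parse call. The remaining arguments of the `add_user_filter` call are outside the hunk.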


@ -15,16 +15,15 @@
from twisted.internet import defer from twisted.internet import defer
from synapse.api.errors import SynapseError from synapse.http.servlet import RestServlet, parse_json_object_from_request
from synapse.http.servlet import RestServlet
from synapse.types import UserID from synapse.types import UserID
from canonicaljson import encode_canonical_json from canonicaljson import encode_canonical_json
from ._base import client_v2_patterns from ._base import client_v2_patterns
import simplejson as json
import logging import logging
import simplejson as json
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -68,10 +67,9 @@ class KeyUploadServlet(RestServlet):
user_id = requester.user.to_string() user_id = requester.user.to_string()
# TODO: Check that the device_id matches that in the authentication # TODO: Check that the device_id matches that in the authentication
# or derive the device_id from the authentication instead. # or derive the device_id from the authentication instead.
try:
body = json.loads(request.content.read()) body = parse_json_object_from_request(request)
except:
raise SynapseError(400, "Invalid key JSON")
time_now = self.clock.time_msec() time_now = self.clock.time_msec()
# TODO: Validate the JSON to make sure it has the right keys. # TODO: Validate the JSON to make sure it has the right keys.
@ -173,10 +171,7 @@ class KeyQueryServlet(RestServlet):
@defer.inlineCallbacks @defer.inlineCallbacks
def on_POST(self, request, user_id, device_id): def on_POST(self, request, user_id, device_id):
yield self.auth.get_user_by_req(request) yield self.auth.get_user_by_req(request)
try: body = parse_json_object_from_request(request)
body = json.loads(request.content.read())
except:
raise SynapseError(400, "Invalid key JSON")
result = yield self.handle_request(body) result = yield self.handle_request(body)
defer.returnValue(result) defer.returnValue(result)
@ -272,10 +267,7 @@ class OneTimeKeyServlet(RestServlet):
@defer.inlineCallbacks @defer.inlineCallbacks
def on_POST(self, request, user_id, device_id, algorithm): def on_POST(self, request, user_id, device_id, algorithm):
yield self.auth.get_user_by_req(request) yield self.auth.get_user_by_req(request)
try: body = parse_json_object_from_request(request)
body = json.loads(request.content.read())
except:
raise SynapseError(400, "Invalid key JSON")
result = yield self.handle_request(body) result = yield self.handle_request(body)
defer.returnValue(result) defer.returnValue(result)


@ -15,15 +15,13 @@
from ._base import client_v2_patterns from ._base import client_v2_patterns
from synapse.http.servlet import RestServlet from synapse.http.servlet import RestServlet, parse_json_object_from_request
from synapse.api.errors import AuthError, SynapseError from synapse.api.errors import AuthError
from twisted.internet import defer from twisted.internet import defer
import logging import logging
import simplejson as json
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -72,11 +70,7 @@ class TagServlet(RestServlet):
if user_id != requester.user.to_string(): if user_id != requester.user.to_string():
raise AuthError(403, "Cannot add tags for other users.") raise AuthError(403, "Cannot add tags for other users.")
try: body = parse_json_object_from_request(request)
content_bytes = request.content.read()
body = json.loads(content_bytes)
except:
raise SynapseError(400, "Invalid tag JSON")
max_id = yield self.store.add_tag_to_room(user_id, room_id, tag, body) max_id = yield self.store.add_tag_to_room(user_id, room_id, tag, body)


@ -13,7 +13,7 @@
# limitations under the License. # limitations under the License.
from synapse.http.server import request_handler, respond_with_json_bytes from synapse.http.server import request_handler, respond_with_json_bytes
from synapse.http.servlet import parse_integer from synapse.http.servlet import parse_integer, parse_json_object_from_request
from synapse.api.errors import SynapseError, Codes from synapse.api.errors import SynapseError, Codes
from twisted.web.resource import Resource from twisted.web.resource import Resource
@ -22,7 +22,6 @@ from twisted.internet import defer
from io import BytesIO from io import BytesIO
import json
import logging import logging
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -126,14 +125,7 @@ class RemoteKey(Resource):
@request_handler @request_handler
@defer.inlineCallbacks @defer.inlineCallbacks
def async_render_POST(self, request): def async_render_POST(self, request):
try: content = parse_json_object_from_request(request)
content = json.loads(request.content.read())
if type(content) != dict:
raise ValueError()
except ValueError:
raise SynapseError(
400, "Content must be JSON object.", errcode=Codes.NOT_JSON
)
query = content["server_keys"] query = content["server_keys"]
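Review bot: `query = content["server_keys"]` indexes the parsed body directly, so a JSON object without that key raises `KeyError` rather than a 400 `SynapseError`; how `request_handler` reports that is not visible here. A guard before the lookup would keep the error path uniform for this endpoint: `if "server_keys" not in content: raise SynapseError(400, "Missing server_keys.", errcode=Codes.BAD_JSON)`. The rest of `async_render_POST` is outside the hunk.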


@ -95,7 +95,8 @@ class ProfileTestCase(unittest.TestCase):
mocked_set.side_effect = AuthError(400, "message") mocked_set.side_effect = AuthError(400, "message")
(code, response) = yield self.mock_resource.trigger( (code, response) = yield self.mock_resource.trigger(
"PUT", "/profile/%s/displayname" % ("@4567:test"), '"Frank Jr."' "PUT", "/profile/%s/displayname" % ("@4567:test"),
'{"displayname": "Frank Jr."}'
) )
self.assertTrue( self.assertTrue(
@ -121,7 +122,8 @@ class ProfileTestCase(unittest.TestCase):
mocked_set.side_effect = SynapseError(400, "message") mocked_set.side_effect = SynapseError(400, "message")
(code, response) = yield self.mock_resource.trigger( (code, response) = yield self.mock_resource.trigger(
"PUT", "/profile/%s/displayname" % ("@opaque:elsewhere"), None "PUT", "/profile/%s/displayname" % ("@opaque:elsewhere"),
'{"displayname":"bob"}'
) )
self.assertTrue( self.assertTrue(