Return proper error in case of invalid UTF-8 in json_body

json_body is used in places that need authentication. In
case an unknown field is set, Ruma doesn't parse the field
and so doesn't give an error on invalid UTF-8. But Conduit
has parsed and on error makes json_body None. Return an
error to the client instead of generating an internal error.
This commit is contained in:
Kurt Roeckx 2021-06-30 23:12:22 +02:00
parent cc9111059d
commit 699f77671f
3 changed files with 53 additions and 49 deletions

View file

@ -157,15 +157,19 @@ pub async fn register_route(
} }
// Success! // Success!
} else { } else {
if let Some(json) = body.json_body {
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH)); uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
db.uiaa.create( db.uiaa.create(
&UserId::parse_with_server_name("", db.globals.server_name()) &UserId::parse_with_server_name("", db.globals.server_name())
.expect("we know this is valid"), .expect("we know this is valid"),
"".into(), "".into(),
&uiaainfo, &uiaainfo,
&body.json_body.expect("body is json"), &json,
)?; )?;
return Err(Error::Uiaa(uiaainfo)); return Err(Error::Uiaa(uiaainfo));
} else {
return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
}
} }
} }
@ -526,14 +530,14 @@ pub async fn change_password_route(
} }
// Success! // Success!
} else { } else {
if let Some(json) = body.json_body {
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH)); uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
db.uiaa.create( db.uiaa
&sender_user, .create(&sender_user, &sender_device, &uiaainfo, &json)?;
&sender_device,
&uiaainfo,
&body.json_body.expect("body is json"),
)?;
return Err(Error::Uiaa(uiaainfo)); return Err(Error::Uiaa(uiaainfo));
} else {
return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
}
} }
db.users db.users
@ -618,14 +622,14 @@ pub async fn deactivate_route(
} }
// Success! // Success!
} else { } else {
if let Some(json) = body.json_body {
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH)); uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
db.uiaa.create( db.uiaa
&sender_user, .create(&sender_user, &sender_device, &uiaainfo, &json)?;
&sender_device,
&uiaainfo,
&body.json_body.expect("body is json"),
)?;
return Err(Error::Uiaa(uiaainfo)); return Err(Error::Uiaa(uiaainfo));
} else {
return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
}
} }
// Leave all joined rooms and reject all invitations // Leave all joined rooms and reject all invitations

View file

@ -116,14 +116,14 @@ pub async fn delete_device_route(
} }
// Success! // Success!
} else { } else {
if let Some(json) = body.json_body {
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH)); uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
db.uiaa.create( db.uiaa
&sender_user, .create(&sender_user, &sender_device, &uiaainfo, &json)?;
&sender_device,
&uiaainfo,
&body.json_body.expect("body is json"),
)?;
return Err(Error::Uiaa(uiaainfo)); return Err(Error::Uiaa(uiaainfo));
} else {
return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
}
} }
db.users.remove_device(&sender_user, &body.device_id)?; db.users.remove_device(&sender_user, &body.device_id)?;
@ -170,14 +170,14 @@ pub async fn delete_devices_route(
} }
// Success! // Success!
} else { } else {
if let Some(json) = body.json_body {
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH)); uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
db.uiaa.create( db.uiaa
&sender_user, .create(&sender_user, &sender_device, &uiaainfo, &json)?;
&sender_device,
&uiaainfo,
&body.json_body.expect("body is json"),
)?;
return Err(Error::Uiaa(uiaainfo)); return Err(Error::Uiaa(uiaainfo));
} else {
return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
}
} }
for device_id in &body.devices { for device_id in &body.devices {

View file

@ -145,14 +145,14 @@ pub async fn upload_signing_keys_route(
} }
// Success! // Success!
} else { } else {
if let Some(json) = body.json_body {
uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH)); uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
db.uiaa.create( db.uiaa
&sender_user, .create(&sender_user, &sender_device, &uiaainfo, &json)?;
&sender_device,
&uiaainfo,
&body.json_body.expect("body is json"),
)?;
return Err(Error::Uiaa(uiaainfo)); return Err(Error::Uiaa(uiaainfo));
} else {
return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
}
} }
if let Some(master_key) = &body.master_key { if let Some(master_key) = &body.master_key {