Reject device display names that are too long (#6882)
* Reject device display names that are too long. Too long is currently defined as 100 characters in length. * Add a regression test for rejecting a too long device display name.
This commit is contained in:
parent
3a3118f4ec
commit
a92e703ab9
|
@ -0,0 +1 @@
|
||||||
|
Reject device display names over 100 characters in length.
|
|
@ -26,6 +26,7 @@ from synapse.api.errors import (
|
||||||
FederationDeniedError,
|
FederationDeniedError,
|
||||||
HttpResponseException,
|
HttpResponseException,
|
||||||
RequestSendFailed,
|
RequestSendFailed,
|
||||||
|
SynapseError,
|
||||||
)
|
)
|
||||||
from synapse.logging.opentracing import log_kv, set_tag, trace
|
from synapse.logging.opentracing import log_kv, set_tag, trace
|
||||||
from synapse.types import RoomStreamToken, get_domain_from_id
|
from synapse.types import RoomStreamToken, get_domain_from_id
|
||||||
|
@ -39,6 +40,8 @@ from ._base import BaseHandler
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
MAX_DEVICE_DISPLAY_NAME_LEN = 100
|
||||||
|
|
||||||
|
|
||||||
class DeviceWorkerHandler(BaseHandler):
|
class DeviceWorkerHandler(BaseHandler):
|
||||||
def __init__(self, hs):
|
def __init__(self, hs):
|
||||||
|
@ -404,9 +407,18 @@ class DeviceHandler(DeviceWorkerHandler):
|
||||||
defer.Deferred:
|
defer.Deferred:
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
# Reject a new displayname which is too long.
|
||||||
|
new_display_name = content.get("display_name")
|
||||||
|
if new_display_name and len(new_display_name) > MAX_DEVICE_DISPLAY_NAME_LEN:
|
||||||
|
raise SynapseError(
|
||||||
|
400,
|
||||||
|
"Device display name is too long (max %i)"
|
||||||
|
% (MAX_DEVICE_DISPLAY_NAME_LEN,),
|
||||||
|
)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
yield self.store.update_device(
|
yield self.store.update_device(
|
||||||
user_id, device_id, new_display_name=content.get("display_name")
|
user_id, device_id, new_display_name=new_display_name
|
||||||
)
|
)
|
||||||
yield self.notify_device_update(user_id, [device_id])
|
yield self.notify_device_update(user_id, [device_id])
|
||||||
except errors.StoreError as e:
|
except errors.StoreError as e:
|
||||||
|
|
|
@ -160,6 +160,24 @@ class DeviceTestCase(unittest.HomeserverTestCase):
|
||||||
res = self.get_success(self.handler.get_device(user1, "abc"))
|
res = self.get_success(self.handler.get_device(user1, "abc"))
|
||||||
self.assertEqual(res["display_name"], "new display")
|
self.assertEqual(res["display_name"], "new display")
|
||||||
|
|
||||||
|
def test_update_device_too_long_display_name(self):
|
||||||
|
"""Update a device with a display name that is invalid (too long)."""
|
||||||
|
self._record_users()
|
||||||
|
|
||||||
|
# Request to update a device display name with a new value that is longer than allowed.
|
||||||
|
update = {
|
||||||
|
"display_name": "a"
|
||||||
|
* (synapse.handlers.device.MAX_DEVICE_DISPLAY_NAME_LEN + 1)
|
||||||
|
}
|
||||||
|
self.get_failure(
|
||||||
|
self.handler.update_device(user1, "abc", update),
|
||||||
|
synapse.api.errors.SynapseError,
|
||||||
|
)
|
||||||
|
|
||||||
|
# Ensure the display name was not updated.
|
||||||
|
res = self.get_success(self.handler.get_device(user1, "abc"))
|
||||||
|
self.assertEqual(res["display_name"], "display 2")
|
||||||
|
|
||||||
def test_update_unknown_device(self):
|
def test_update_unknown_device(self):
|
||||||
update = {"display_name": "new_display"}
|
update = {"display_name": "new_display"}
|
||||||
res = self.handler.update_device("user_id", "unknown_device_id", update)
|
res = self.handler.update_device("user_id", "unknown_device_id", update)
|
||||||
|
|
Loading…
Reference in New Issue