Raise a SynapseError if the authorisation header is missing or malformed
This commit is contained in:
parent
75e517a2da
commit
25d80f35f1
|
@ -211,36 +211,44 @@ class TransportLayer(object):
|
||||||
|
|
||||||
if request.method == "PUT":
|
if request.method == "PUT":
|
||||||
#TODO: Handle other method types? other content types?
|
#TODO: Handle other method types? other content types?
|
||||||
content_bytes = request.content.read()
|
try:
|
||||||
content = json.loads(content_bytes)
|
content_bytes = request.content.read()
|
||||||
json_request["content"] = content
|
content = json.loads(content_bytes)
|
||||||
|
json_request["content"] = content
|
||||||
|
except:
|
||||||
|
raise SynapseError(400, "Unable to parse JSON", Codes.BAD_JSON)
|
||||||
|
|
||||||
def parse_auth_header(header_str):
|
def parse_auth_header(header_str):
|
||||||
params = auth.split(" ")[1].split(",")
|
try:
|
||||||
param_dict = dict(kv.split("=") for kv in params)
|
params = auth.split(" ")[1].split(",")
|
||||||
def strip_quotes(value):
|
param_dict = dict(kv.split("=") for kv in params)
|
||||||
if value.startswith("\""):
|
def strip_quotes(value):
|
||||||
return value[1:-1]
|
if value.startswith("\""):
|
||||||
else:
|
return value[1:-1]
|
||||||
return value
|
else:
|
||||||
origin = strip_quotes(param_dict["origin"])
|
return value
|
||||||
key = strip_quotes(param_dict["key"])
|
origin = strip_quotes(param_dict["origin"])
|
||||||
sig = strip_quotes(param_dict["sig"])
|
key = strip_quotes(param_dict["key"])
|
||||||
return (origin, key, sig)
|
sig = strip_quotes(param_dict["sig"])
|
||||||
|
return (origin, key, sig)
|
||||||
|
except:
|
||||||
|
raise SynapseError(
|
||||||
|
400, "Malformed Authorization Header", Codes.FORBIDDEN
|
||||||
|
)
|
||||||
|
|
||||||
auth_headers = request.requestHeaders.getRawHeaders(b"Authorization")
|
auth_headers = request.requestHeaders.getRawHeaders(b"Authorization")
|
||||||
|
|
||||||
if not auth_headers:
|
|
||||||
raise SynapseError(
|
|
||||||
401, "Missing Authorization headers", Codes.FORBIDDEN,
|
|
||||||
)
|
|
||||||
|
|
||||||
for auth in auth_headers:
|
for auth in auth_headers:
|
||||||
if auth.startswith("X-Matrix"):
|
if auth.startswith("X-Matrix"):
|
||||||
(origin, key, sig) = parse_auth_header(auth)
|
(origin, key, sig) = parse_auth_header(auth)
|
||||||
json_request["origin"] = origin
|
json_request["origin"] = origin
|
||||||
json_request["signatures"].setdefault(origin,{})[key] = sig
|
json_request["signatures"].setdefault(origin,{})[key] = sig
|
||||||
|
|
||||||
|
if not json_request["signatures"]:
|
||||||
|
raise SynapseError(
|
||||||
|
401, "Missing Authorization headers", Codes.FORBIDDEN,
|
||||||
|
)
|
||||||
|
|
||||||
yield self.keyring.verify_json_for_server(origin, json_request)
|
yield self.keyring.verify_json_for_server(origin, json_request)
|
||||||
|
|
||||||
defer.returnValue((origin, content))
|
defer.returnValue((origin, content))
|
||||||
|
|
|
@ -79,6 +79,10 @@ class MockHttpResource(HttpServer):
|
||||||
mock_request.method = http_method
|
mock_request.method = http_method
|
||||||
mock_request.uri = path
|
mock_request.uri = path
|
||||||
|
|
||||||
|
mock_request.requestHeaders.getRawHeaders.return_value=[
|
||||||
|
"X-Matrix origin=test,key=,sig="
|
||||||
|
]
|
||||||
|
|
||||||
# return the right path if the event requires it
|
# return the right path if the event requires it
|
||||||
mock_request.path = path
|
mock_request.path = path
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue