Add back in support for remembering parameters submitted to a user-interactive auth call.

2015-07-15 19:28:03 +01:00 · 2015-07-15 19:28:03 +01:00 · 4da05fa0ae
parent 8cedf3ce95
commit 4da05fa0ae
2 changed files with 13 additions and 4 deletions
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@ -85,8 +85,10 @@ class AuthHandler(BaseHandler):
            # email auth link on there). It's probably too open to abuse
            # because it lets unauthenticated clients store arbitrary objects
            # on a home server.
-            # sess['clientdict'] = clientdict
-            # self._save_session(sess)
+            # Revisit: Assumimg the REST APIs do sensible validation, the data
+            # isn't arbintrary.
+            sess['clientdict'] = clientdict
+            self._save_session(sess)
            pass
        elif 'clientdict' in sess:
            clientdict = sess['clientdict']
--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@ -57,10 +57,17 @@ class RegisterRestServlet(RestServlet):
        yield run_on_reactor()

        body = parse_request_allow_empty(request)
-        if 'password' not in body:
-            raise SynapseError(400, "", Codes.MISSING_PARAM)
+        # we do basic sanity checks here because the auth layerwill store these in sessions
+        if 'password' in body:
+            print "%r" % (body['password'])
+            if (not isinstance(body['password'], str) and
+                    not isinstance(body['password'], unicode)) or len(body['password']) > 512:
+                raise SynapseError(400, "Invalid password")

        if 'username' in body:
+            if (not isinstance(body['username'], str) and
+                    not isinstance(body['username'], unicode)) or len(body['username']) > 512:
+                raise SynapseError(400, "Invalid username")
            desired_username = body['username']
            yield self.registration_handler.check_username(desired_username)