diff --git a/synapse/handlers/e2e_keys.py b/synapse/handlers/e2e_keys.py
index 540995e062..c13de7c067 100644
--- a/synapse/handlers/e2e_keys.py
+++ b/synapse/handlers/e2e_keys.py
@@ -58,7 +58,6 @@ if TYPE_CHECKING:
 logger = logging.getLogger(__name__)
- ONE_TIME_KEY_UPLOAD = "one_time_key_upload_lock"
@@ -821,15 +820,29 @@ class E2eKeysHandler:
 # TODO: Validate the JSON to make sure it has the right keys.
 device_keys = keys.get("device_keys", None)
- if device_keys:
- await self.device_key_uploader(
- user_id=user_id,
- device_id=device_id,
- keys={"device_keys": device_keys},
- )
+ if device_keys and isinstance(device_keys, dict):
+ # Validate that user_id and device_id match the requesting user
+ if (
+ device_keys["user_id"] == user_id
+ and device_keys["device_id"] == device_id
+ ):
+ await self.device_key_uploader(
+ user_id=user_id,
+ device_id=device_id,
+ keys={"device_keys": device_keys},
+ )
+ else:
+ log_kv(
+ {
+ "message": "Not updating device_keys for user, user_id or device_id mismatch",
+ "user_id": user_id,
+ }
+ )
+ else:
+ log_kv({"message": "Did not update device_keys", "reason": "not a dict"})
 one_time_keys = keys.get("one_time_keys", None)
- if one_time_keys:
+ if one_time_keys and isinstance(one_time_keys, dict):
 log_kv(
 {
 "message": "Updating one_time_keys for device.",
@@ -840,6 +853,8 @@ class E2eKeysHandler:
 await self._upload_one_time_keys_for_user(
 user_id, device_id, time_now, one_time_keys
 )
+ elif one_time_keys:
+ log_kv({"message": "Did not update device_keys", "reason": "not a dict"})
 else:
 log_kv(
 {"message": "Did not update one_time_keys", "reason": "no keys given"}
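Review bot: The new check indexes `device_keys["user_id"]` and `device_keys["device_id"]` directly, so a request whose `device_keys` dict omits either field (the TODO two lines above notes the JSON is not validated) raises KeyError and surfaces as a 500 rather than a 400; comparing with `.get()` treats a missing field as a mismatch instead. When the identity does not match, or `device_keys` is not a dict, the new code only emits a log_kv and the request still completes successfully, so a client that uploads device keys claiming another user's or device's identity is silently dropped rather than rejected — raising `SynapseError(400, ...)` (assuming this module already imports it, which is not visible in the hunk) would make the failure visible to the client. The trailing `else` also logs `"reason": "not a dict"` when `device_keys` is simply absent (`None`), whereas the one_time_keys branch below distinguishes the two cases; an `elif device_keys:` keeps the log honest. The enclosing method starts and ends outside this hunk.
```python
        device_keys = keys.get("device_keys", None)
        if device_keys and isinstance(device_keys, dict):
            # The body is client-controlled: refuse device keys that claim to
            # belong to a different user or device than the authenticated requester.
            if (
                device_keys.get("user_id") != user_id
                or device_keys.get("device_id") != device_id
            ):
                log_kv(
                    {
                        "message": "Rejecting device_keys upload, user_id or device_id mismatch",
                        "user_id": user_id,
                        "device_id": device_id,
                    }
                )
                raise SynapseError(400, "device_keys user_id/device_id do not match the requester")
            await self.device_key_uploader(
                user_id=user_id,
                device_id=device_id,
                keys={"device_keys": device_keys},
            )
        elif device_keys:
            log_kv({"message": "Did not update device_keys", "reason": "not a dict"})
        # … unchanged: one_time_keys handling …
```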
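Review bot: The log message in the new `elif one_time_keys:` branch says `"Did not update device_keys"` although this branch handles `one_time_keys`, so a malformed one_time_keys upload is logged under the wrong field name and will mislead anyone triaging from the logs. It should read `log_kv({"message": "Did not update one_time_keys", "reason": "not a dict"})`, matching the `"no keys given"` message in the `else` branch directly below. As with the device_keys branch above, a non-dict `one_time_keys` is only logged and the request still appears to succeed to the client; consider rejecting it with a 400 so misbehaving clients are told their keys were not stored. The enclosing method ends outside this hunk.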