authorPatrick Cloke <clokep@users.noreply.github.com>2021-03-16 07:29:35 -0400
committerGitHub <noreply@github.com>2021-03-16 11:29:35 +0000
commit1383508f2956345fd86de1779dd2f6e723c536c5 (patch)
treeabd5e21ccd6c4df3320cdd6c7168cd7af87a809c
parentAdd support for stable MSC2858 API (#9617) (diff)
downloadsynapse-1383508f2956345fd86de1779dd2f6e723c536c5.tar.xz
Handle an empty cookie as an invalid macaroon. (#9620)
* Handle an empty cookie as an invalid macaroon.

* Newsfragment
-rw-r--r--changelog.d/9620.bugfix1
-rw-r--r--synapse/handlers/oidc_handler.py3
2 files changed, 3 insertions, 1 deletions
diff --git a/changelog.d/9620.bugfix b/changelog.d/9620.bugfix
new file mode 100644
index 0000000000..427580f4ad
--- /dev/null
+++ b/changelog.d/9620.bugfix
@@ -0,0 +1 @@
+Fix a bug introduced in v1.28.0 where the OpenID Connect callback endpoint could error with a `MacaroonInitException`.
diff --git a/synapse/handlers/oidc_handler.py b/synapse/handlers/oidc_handler.py
index 01c91f9d1c..6d8551a6d6 100644
--- a/synapse/handlers/oidc_handler.py
+++ b/synapse/handlers/oidc_handler.py
@@ -29,6 +29,7 @@ from authlib.oidc.discovery import OpenIDProviderMetadata, get_well_known_url
 from jinja2 import Environment, Template
 from pymacaroons.exceptions import (
     MacaroonDeserializationException,
+    MacaroonInitException,
     MacaroonInvalidSignatureException,
 )
 from typing_extensions import TypedDict
@@ -217,7 +218,7 @@ class OidcHandler:
             session_data = self._token_generator.verify_oidc_session_token(
                 session, state
             )
-        except (MacaroonDeserializationException, KeyError) as e:
+        except (MacaroonInitException, MacaroonDeserializationException, KeyError) as e:
             logger.exception("Invalid session for OIDC callback")
             self._sso_handler.render_error(request, "invalid_session", str(e))
             return
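Review bot: The branch under the widened `except` still calls `logger.exception(...)`, so an empty or malformed session cookie, which any unauthenticated client can send to the callback, writes a full traceback at ERROR level. Now that these are treated as expected invalid input, `logger.warning("Invalid session for OIDC callback: %s", e)` would keep the signal without letting clients inflate the error log. The same branch passes `str(e)` to `render_error`, which presumably ends up on the rendered error page; a fixed description would avoid echoing pymacaroons exception text to the client. The diffstat shows only the changelog and this file, so a regression test for a callback with an empty session cookie would be worth adding. The enclosing method starts and continues outside the hunk, so any later `except` clauses are not visible here.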