summary refs log tree commit diff
diff options
context:
space:
mode:
authorMark Haines <mark.haines@matrix.org>2014-10-13 15:53:18 +0100
committerMark Haines <mark.haines@matrix.org>2014-10-13 15:53:18 +0100
commit25d80f35f10239b280cf374f60ccb552087fcf44 (patch)
tree3a926b1b1bfa7114cfcdc82c01ca3cf22e19c43b
parentRemove debug logging, raise a proper SynapseError if the auth header is missing (diff)
downloadsynapse-25d80f35f10239b280cf374f60ccb552087fcf44.tar.xz
Raise a SynapseError if the authorisation header is missing or malformed
-rw-r--r--synapse/federation/transport.py46
-rw-r--r--tests/utils.py4
2 files changed, 31 insertions, 19 deletions
diff --git a/synapse/federation/transport.py b/synapse/federation/transport.py
index 93134ee274..7a4c1f6443 100644
--- a/synapse/federation/transport.py
+++ b/synapse/federation/transport.py
@@ -211,36 +211,44 @@ class TransportLayer(object):
 
         if request.method == "PUT":
             #TODO: Handle other method types? other content types?
-            content_bytes = request.content.read()
-            content = json.loads(content_bytes)
-            json_request["content"] = content
+            try:
+                content_bytes = request.content.read()
+                content = json.loads(content_bytes)
+                json_request["content"] = content
+            except:
+                raise SynapseError(400, "Unable to parse JSON", Codes.BAD_JSON)
 
         def parse_auth_header(header_str):
-            params = auth.split(" ")[1].split(",")
-            param_dict = dict(kv.split("=") for kv in params)
-            def strip_quotes(value):
-                if value.startswith("\""):
-                    return value[1:-1]
-                else:
-                    return value
-            origin = strip_quotes(param_dict["origin"])
-            key = strip_quotes(param_dict["key"])
-            sig = strip_quotes(param_dict["sig"])
-            return (origin, key, sig)
+            try:
+                params = auth.split(" ")[1].split(",")
+                param_dict = dict(kv.split("=") for kv in params)
+                def strip_quotes(value):
+                    if value.startswith("\""):
+                        return value[1:-1]
+                    else:
+                        return value
+                origin = strip_quotes(param_dict["origin"])
+                key = strip_quotes(param_dict["key"])
+                sig = strip_quotes(param_dict["sig"])
+                return (origin, key, sig)
+            except:
+                raise SynapseError(
+                    400, "Malformed Authorization Header", Codes.FORBIDDEN
+                )
 
         auth_headers = request.requestHeaders.getRawHeaders(b"Authorization")
 
-        if not auth_headers:
-            raise SynapseError(
-                401, "Missing Authorization headers", Codes.FORBIDDEN,
-            )
-
         for auth in auth_headers:
             if auth.startswith("X-Matrix"):
                 (origin, key, sig) = parse_auth_header(auth)
                 json_request["origin"] = origin
                 json_request["signatures"].setdefault(origin,{})[key] = sig
 
+        if not json_request["signatures"]:
+            raise SynapseError(
+                401, "Missing Authorization headers", Codes.FORBIDDEN,
+            )
+
         yield self.keyring.verify_json_for_server(origin, json_request)
 
         defer.returnValue((origin, content))
diff --git a/tests/utils.py b/tests/utils.py
index 83dbd4f4d3..60fd6085ac 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -79,6 +79,10 @@ class MockHttpResource(HttpServer):
         mock_request.method = http_method
         mock_request.uri = path
 
+        mock_request.requestHeaders.getRawHeaders.return_value=[
+            "X-Matrix origin=test,key=,sig="
+        ]
+
         # return the right path if the event requires it
         mock_request.path = path