Add additional validation for the admin register endpoint. (#8837)

Raise a proper 400 error if the `mac` field is missing.
author: David Florness <david@florness.com> 2020-12-02 10:01:15 -0500
committer: GitHub <noreply@github.com> 2020-12-02 10:01:15 -0500
commit: c4675e1b24f06a72c323c8131eab4998b4e71af1 (patch)
tree: 6a559757e73585885a093003f9ac67ada9dc3319
parent: Minor changes to the CHANGES doc. (diff)
download: synapse-c4675e1b24f06a72c323c8131eab4998b4e71af1.tar.xz
2 files changed, 4 insertions, 0 deletions
diff --git a/changelog.d/8837.bugfix b/changelog.d/8837.bugfix
new file mode 100644
index 0000000000..b2977d0c31
--- /dev/null
+++ b/changelog.d/8837.bugfix
@@ -0,0 +1 @@
+Fix a long standing bug in the register admin endpoint (`/_synapse/admin/v1/register`) when the `mac` field was not provided. The endpoint now properly returns a 400 error. Contributed by @edwargix.
diff --git a/synapse/rest/admin/users.py b/synapse/rest/admin/users.py
index b0ff5e1ead..90940ff185 100644
--- a/synapse/rest/admin/users.py
+++ b/synapse/rest/admin/users.py
@@ -420,6 +420,9 @@ class UserRegisterServlet(RestServlet):
         if user_type is not None and user_type not in UserTypes.ALL_USER_TYPES:
             raise SynapseError(400, "Invalid user type")
 
+        if "mac" not in body:
+            raise SynapseError(400, "mac must be specified", errcode=Codes.BAD_JSON)
+
         got_mac = body["mac"]
 
         want_mac_builder = hmac.new(
author	David Florness <david@florness.com>	2020-12-02 10:01:15 -0500
committer	GitHub <noreply@github.com>	2020-12-02 10:01:15 -0500
commit	c4675e1b24f06a72c323c8131eab4998b4e71af1 (patch)
tree	6a559757e73585885a093003f9ac67ada9dc3319
parent	Minor changes to the CHANGES doc. (diff)
download	synapse-c4675e1b24f06a72c323c8131eab4998b4e71af1.tar.xz