summary refs log tree commit diff
diff options
context:
space:
mode:
authorAndrew Morgan <1342360+anoadragon453@users.noreply.github.com>2020-02-12 18:14:10 +0000
committerGitHub <noreply@github.com>2020-02-12 18:14:10 +0000
commitd8994942f28f5028e560f6aba52512fae3ca1a6a (patch)
tree7f2dcaab240436d3d0850fac778787469b6388c9
parentMerge branch 'master' into develop (diff)
downloadsynapse-d8994942f28f5028e560f6aba52512fae3ca1a6a.tar.xz
Return a 404 for admin api user lookup if user not found (#6901)
-rw-r--r--changelog.d/6901.misc1
-rw-r--r--synapse/rest/admin/users.py5
-rw-r--r--tests/rest/admin/test_user.py16
3 files changed, 21 insertions, 1 deletions
diff --git a/changelog.d/6901.misc b/changelog.d/6901.misc
new file mode 100644
index 0000000000..b2f12bbe86
--- /dev/null
+++ b/changelog.d/6901.misc
@@ -0,0 +1 @@
+Return a 404 instead of 200 for querying information of a non-existant user through the admin API.
\ No newline at end of file
diff --git a/synapse/rest/admin/users.py b/synapse/rest/admin/users.py
index e75c5f1370..2107b5dc56 100644
--- a/synapse/rest/admin/users.py
+++ b/synapse/rest/admin/users.py
@@ -21,7 +21,7 @@ from six import text_type
 from six.moves import http_client
 
 from synapse.api.constants import UserTypes
-from synapse.api.errors import Codes, SynapseError
+from synapse.api.errors import Codes, NotFoundError, SynapseError
 from synapse.http.servlet import (
     RestServlet,
     assert_params_in_dict,
@@ -152,6 +152,9 @@ class UserRestServletV2(RestServlet):
 
         ret = await self.admin_handler.get_user(target_user)
 
+        if not ret:
+            raise NotFoundError("User not found")
+
         return 200, ret
 
     async def on_PUT(self, request, user_id):
diff --git a/tests/rest/admin/test_user.py b/tests/rest/admin/test_user.py
index 3b5169b38d..490ce8f55d 100644
--- a/tests/rest/admin/test_user.py
+++ b/tests/rest/admin/test_user.py
@@ -401,6 +401,22 @@ class UserRestTestCase(unittest.HomeserverTestCase):
         self.assertEqual(403, int(channel.result["code"]), msg=channel.result["body"])
         self.assertEqual("You are not a server admin", channel.json_body["error"])
 
+    def test_user_does_not_exist(self):
+        """
+        Tests that a lookup for a user that does not exist returns a 404
+        """
+        self.hs.config.registration_shared_secret = None
+
+        request, channel = self.make_request(
+            "GET",
+            "/_synapse/admin/v2/users/@unknown_person:test",
+            access_token=self.admin_user_tok,
+        )
+        self.render(request)
+
+        self.assertEqual(404, channel.code, msg=channel.json_body)
+        self.assertEqual("M_NOT_FOUND", channel.json_body["errcode"])
+
     def test_requester_is_admin(self):
         """
         If the user is a server admin, a new user is created.