/login: Respond with a 403 when we get an invalid m.login.token

author: Richard van der Hoff <richard@matrix.org> 2016-08-09 16:29:28 +0100
committer: Richard van der Hoff <richard@matrix.org> 2016-08-09 16:29:28 +0100
commit: 79ebfbe7c62400a2b63d67fb65b1abce29d8bf38 (patch)
tree: 26e4b83a7d09be3238a5b430f52b41e385ff78af /synapse/handlers
parent: Merge pull request #995 from matrix-org/rav/clean_up_cas_login (diff)
download: synapse-79ebfbe7c62400a2b63d67fb65b1abce29d8bf38.tar.xz
1 files changed, 3 insertions, 3 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 1d3641b7a7..82998a81ce 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -719,14 +719,14 @@ class AuthHandler(BaseHandler):
         return macaroon.serialize()
 
     def validate_short_term_login_token_and_get_user_id(self, login_token):
+        auth_api = self.hs.get_auth()
         try:
-            auth_api = self.hs.get_auth()
             macaroon = pymacaroons.Macaroon.deserialize(login_token)
             user_id = auth_api.get_user_id_from_macaroon(macaroon)
             auth_api.validate_macaroon(macaroon, "login", True, user_id)
             return user_id
-        except (pymacaroons.exceptions.MacaroonException, TypeError, ValueError):
-            raise AuthError(401, "Invalid token", errcode=Codes.UNKNOWN_TOKEN)
+        except Exception:
+            raise AuthError(403, "Invalid token", errcode=Codes.FORBIDDEN)
 
     def _generate_base_macaroon(self, user_id):
         macaroon = pymacaroons.Macaroon(
author	Richard van der Hoff <richard@matrix.org>	2016-08-09 16:29:28 +0100
committer	Richard van der Hoff <richard@matrix.org>	2016-08-09 16:29:28 +0100
commit	79ebfbe7c62400a2b63d67fb65b1abce29d8bf38 (patch)
tree	26e4b83a7d09be3238a5b430f52b41e385ff78af /synapse/handlers
parent	Merge pull request #995 from matrix-org/rav/clean_up_cas_login (diff)
download	synapse-79ebfbe7c62400a2b63d67fb65b1abce29d8bf38.tar.xz