diff options
author | Patrick Cloke <clokep@users.noreply.github.com> | 2023-03-24 08:31:14 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-24 08:31:14 -0400 |
commit | 68a671731207645f693e4e48676781b9a1acb838 (patch) | |
tree | 87bdfb103a428603645249c79d7a074e02f6e312 /synapse/http/servlet.py | |
parent | Reintroduce membership tables event stream ordering (#15128) (diff) | |
download | synapse-68a671731207645f693e4e48676781b9a1acb838.tar.xz |
Reject mentions on the C-S API which are invalid. (#15311)
Invalid mentions data received over the Client-Server API should be rejected with a 400 error. This will hopefully stop clients from sending invalid data, although does not help with data received over federation.
Diffstat (limited to 'synapse/http/servlet.py')
-rw-r--r-- | synapse/http/servlet.py | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/synapse/http/servlet.py b/synapse/http/servlet.py index 0070bd2940..fc62793628 100644 --- a/synapse/http/servlet.py +++ b/synapse/http/servlet.py @@ -778,17 +778,13 @@ def parse_json_object_from_request( Model = TypeVar("Model", bound=BaseModel) -def parse_and_validate_json_object_from_request( - request: Request, model_type: Type[Model] -) -> Model: - """Parse a JSON object from the body of a twisted HTTP request, then deserialise and - validate using the given pydantic model. +def validate_json_object(content: JsonDict, model_type: Type[Model]) -> Model: + """Validate a deserialized JSON object using the given pydantic model. Raises: SynapseError if the request body couldn't be decoded as JSON or if it wasn't a JSON object. """ - content = parse_json_object_from_request(request, allow_empty_body=False) try: instance = model_type.parse_obj(content) except ValidationError as e: @@ -811,6 +807,20 @@ def parse_and_validate_json_object_from_request( return instance +def parse_and_validate_json_object_from_request( + request: Request, model_type: Type[Model] +) -> Model: + """Parse a JSON object from the body of a twisted HTTP request, then deserialise and + validate using the given pydantic model. + + Raises: + SynapseError if the request body couldn't be decoded as JSON or + if it wasn't a JSON object. + """ + content = parse_json_object_from_request(request, allow_empty_body=False) + return validate_json_object(content, model_type) + + def assert_params_in_dict(body: JsonDict, required: Iterable[str]) -> None: absent = [] for k in required: |