Handle an empty cookie as an invalid macaroon. (#9620)

* Handle an empty cookie as an invalid macaroon. * Newsfragment
author: Patrick Cloke <clokep@users.noreply.github.com> 2021-03-16 07:29:35 -0400
committer: GitHub <noreply@github.com> 2021-03-16 11:29:35 +0000
commit: 1383508f2956345fd86de1779dd2f6e723c536c5 (patch)
tree: abd5e21ccd6c4df3320cdd6c7168cd7af87a809c /synapse
parent: Add support for stable MSC2858 API (#9617) (diff)
download: synapse-1383508f2956345fd86de1779dd2f6e723c536c5.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/synapse/handlers/oidc_handler.py b/synapse/handlers/oidc_handler.py
index 01c91f9d1c..6d8551a6d6 100644
--- a/synapse/handlers/oidc_handler.py
+++ b/synapse/handlers/oidc_handler.py
@@ -29,6 +29,7 @@ from authlib.oidc.discovery import OpenIDProviderMetadata, get_well_known_url
 from jinja2 import Environment, Template
 from pymacaroons.exceptions import (
     MacaroonDeserializationException,
+    MacaroonInitException,
     MacaroonInvalidSignatureException,
 )
 from typing_extensions import TypedDict
@@ -217,7 +218,7 @@ class OidcHandler:
             session_data = self._token_generator.verify_oidc_session_token(
                 session, state
             )
-        except (MacaroonDeserializationException, KeyError) as e:
+        except (MacaroonInitException, MacaroonDeserializationException, KeyError) as e:
             logger.exception("Invalid session for OIDC callback")
             self._sso_handler.render_error(request, "invalid_session", str(e))
             return
author	Patrick Cloke <clokep@users.noreply.github.com>	2021-03-16 07:29:35 -0400
committer	GitHub <noreply@github.com>	2021-03-16 11:29:35 +0000
commit	1383508f2956345fd86de1779dd2f6e723c536c5 (patch)
tree	abd5e21ccd6c4df3320cdd6c7168cd7af87a809c /synapse
parent	Add support for stable MSC2858 API (#9617) (diff)
download	synapse-1383508f2956345fd86de1779dd2f6e723c536c5.tar.xz