Raise a SynapseError if the authorisation header is missing or malformed

author: Mark Haines <mark.haines@matrix.org> 2014-10-13 15:53:18 +0100
committer: Mark Haines <mark.haines@matrix.org> 2014-10-13 15:53:18 +0100
commit: 25d80f35f10239b280cf374f60ccb552087fcf44 (patch)
tree: 3a926b1b1bfa7114cfcdc82c01ca3cf22e19c43b /synapse
parent: Remove debug logging, raise a proper SynapseError if the auth header is missing (diff)
download: synapse-25d80f35f10239b280cf374f60ccb552087fcf44.tar.xz
1 files changed, 27 insertions, 19 deletions
diff --git a/synapse/federation/transport.py b/synapse/federation/transport.py
index 93134ee274..7a4c1f6443 100644
--- a/synapse/federation/transport.py
+++ b/synapse/federation/transport.py
@@ -211,36 +211,44 @@ class TransportLayer(object):
 
         if request.method == "PUT":
             #TODO: Handle other method types? other content types?
-            content_bytes = request.content.read()
-            content = json.loads(content_bytes)
-            json_request["content"] = content
+            try:
+                content_bytes = request.content.read()
+                content = json.loads(content_bytes)
+                json_request["content"] = content
+            except:
+                raise SynapseError(400, "Unable to parse JSON", Codes.BAD_JSON)
 
         def parse_auth_header(header_str):
-            params = auth.split(" ")[1].split(",")
-            param_dict = dict(kv.split("=") for kv in params)
-            def strip_quotes(value):
-                if value.startswith("\""):
-                    return value[1:-1]
-                else:
-                    return value
-            origin = strip_quotes(param_dict["origin"])
-            key = strip_quotes(param_dict["key"])
-            sig = strip_quotes(param_dict["sig"])
-            return (origin, key, sig)
+            try:
+                params = auth.split(" ")[1].split(",")
+                param_dict = dict(kv.split("=") for kv in params)
+                def strip_quotes(value):
+                    if value.startswith("\""):
+                        return value[1:-1]
+                    else:
+                        return value
+                origin = strip_quotes(param_dict["origin"])
+                key = strip_quotes(param_dict["key"])
+                sig = strip_quotes(param_dict["sig"])
+                return (origin, key, sig)
+            except:
+                raise SynapseError(
+                    400, "Malformed Authorization Header", Codes.FORBIDDEN
+                )
 
         auth_headers = request.requestHeaders.getRawHeaders(b"Authorization")
 
-        if not auth_headers:
-            raise SynapseError(
-                401, "Missing Authorization headers", Codes.FORBIDDEN,
-            )
-
         for auth in auth_headers:
             if auth.startswith("X-Matrix"):
                 (origin, key, sig) = parse_auth_header(auth)
                 json_request["origin"] = origin
                 json_request["signatures"].setdefault(origin,{})[key] = sig
 
+        if not json_request["signatures"]:
+            raise SynapseError(
+                401, "Missing Authorization headers", Codes.FORBIDDEN,
+            )
+
         yield self.keyring.verify_json_for_server(origin, json_request)
 
         defer.returnValue((origin, content))
author	Mark Haines <mark.haines@matrix.org>	2014-10-13 15:53:18 +0100
committer	Mark Haines <mark.haines@matrix.org>	2014-10-13 15:53:18 +0100
commit	25d80f35f10239b280cf374f60ccb552087fcf44 (patch)
tree	3a926b1b1bfa7114cfcdc82c01ca3cf22e19c43b /synapse
parent	Remove debug logging, raise a proper SynapseError if the auth header is missing (diff)
download	synapse-25d80f35f10239b280cf374f60ccb552087fcf44.tar.xz