diff options
| author | David Baker <dave@matrix.org> | 2015-07-15 19:28:03 +0100 |
|---|---|---|
| committer | David Baker <dave@matrix.org> | 2015-07-15 19:28:57 +0100 |
| commit | 4da05fa0ae32425ce2755dcd479bb4c97f43b30e (patch) | |
| tree | 9a93f7ca85e2e08a2e41d17faa47c2a04d824c7b /synapse | |
| parent | bump up image quality a bit more as it looks crap (diff) | |
| download | synapse-4da05fa0ae32425ce2755dcd479bb4c97f43b30e.tar.xz | |
Add back in support for remembering parameters submitted to a user-interactive auth call.
Diffstat (limited to 'synapse')
| -rw-r--r-- | synapse/handlers/auth.py | 6 | ||||
| -rw-r--r-- | synapse/rest/client/v2_alpha/register.py | 11 |
2 files changed, 13 insertions, 4 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index 63071653a3..1ecf7fef17 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -85,8 +85,10 @@ class AuthHandler(BaseHandler): # email auth link on there). It's probably too open to abuse # because it lets unauthenticated clients store arbitrary objects # on a home server. - # sess['clientdict'] = clientdict - # self._save_session(sess) + # Revisit: Assumimg the REST APIs do sensible validation, the data + # isn't arbintrary. + sess['clientdict'] = clientdict + self._save_session(sess) pass elif 'clientdict' in sess: clientdict = sess['clientdict'] diff --git a/synapse/rest/client/v2_alpha/register.py b/synapse/rest/client/v2_alpha/register.py index 72dfb876c5..fa44572b7b 100644 --- a/synapse/rest/client/v2_alpha/register.py +++ b/synapse/rest/client/v2_alpha/register.py @@ -57,10 +57,17 @@ class RegisterRestServlet(RestServlet): yield run_on_reactor() body = parse_request_allow_empty(request) - if 'password' not in body: - raise SynapseError(400, "", Codes.MISSING_PARAM) + # we do basic sanity checks here because the auth layerwill store these in sessions + if 'password' in body: + print "%r" % (body['password']) + if (not isinstance(body['password'], str) and + not isinstance(body['password'], unicode)) or len(body['password']) > 512: + raise SynapseError(400, "Invalid password") if 'username' in body: + if (not isinstance(body['username'], str) and + not isinstance(body['username'], unicode)) or len(body['username']) > 512: + raise SynapseError(400, "Invalid username") desired_username = body['username'] yield self.registration_handler.check_username(desired_username) |