summary refs log tree commit diff
path: root/tests/rest/client/test_login.py
diff options
context:
space:
mode:
authorShay <hillerys@element.io>2022-04-13 10:04:01 -0700
committerGitHub <noreply@github.com>2022-04-13 10:04:01 -0700
commit8e2759f2d86d68fa621ba51ae73171e25fe9510d (patch)
tree25c0789573598c89c9c7c58e78892bd24eeaffa3 /tests/rest/client/test_login.py
parentdocs: Don't render the table of contents on the print page (#12340) (diff)
downloadsynapse-8e2759f2d86d68fa621ba51ae73171e25fe9510d.tar.xz
Limit `device_id` size to 512B (#12454)
*
Diffstat (limited to 'tests/rest/client/test_login.py')
-rw-r--r--tests/rest/client/test_login.py27
1 files changed, 26 insertions, 1 deletions
diff --git a/tests/rest/client/test_login.py b/tests/rest/client/test_login.py
index 090d2d0a29..0a3d017dc9 100644
--- a/tests/rest/client/test_login.py
+++ b/tests/rest/client/test_login.py
@@ -11,7 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+import json
 import time
 import urllib.parse
 from typing import Any, Dict, List, Optional, Union
@@ -384,6 +384,31 @@ class LoginRestServletTestCase(unittest.HomeserverTestCase):
         channel = self.make_request(b"POST", "/logout/all", access_token=access_token)
         self.assertEqual(channel.result["code"], b"200", channel.result)
 
+    def test_login_with_overly_long_device_id_fails(self) -> None:
+        self.register_user("mickey", "cheese")
+
+        # create a device_id longer than 512 characters
+        device_id = "yolo" * 512
+
+        body = {
+            "type": "m.login.password",
+            "user": "mickey",
+            "password": "cheese",
+            "device_id": device_id,
+        }
+
+        # make a login request with the bad device_id
+        channel = self.make_request(
+            "POST",
+            "/_matrix/client/v3/login",
+            json.dumps(body).encode("utf8"),
+            custom_headers=None,
+        )
+
+        # test that the login fails with the correct error code
+        self.assertEqual(channel.code, 400)
+        self.assertEqual(channel.json_body["errcode"], "M_INVALID_PARAM")
+
 
 @skip_unless(has_saml2 and HAS_OIDC, "Requires SAML2 and OIDC")
 class MultiSSOTestCase(unittest.HomeserverTestCase):