diff --git a/tests/rest/client/test_login.py b/tests/rest/client/test_login.py
index 090d2d0a29..0a3d017dc9 100644
--- a/tests/rest/client/test_login.py
+++ b/tests/rest/client/test_login.py
@@ -11,7 +11,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
+import json
import time
import urllib.parse
from typing import Any, Dict, List, Optional, Union
@@ -384,6 +384,31 @@ class LoginRestServletTestCase(unittest.HomeserverTestCase):
channel = self.make_request(b"POST", "/logout/all", access_token=access_token)
self.assertEqual(channel.result["code"], b"200", channel.result)
+ def test_login_with_overly_long_device_id_fails(self) -> None:
+ self.register_user("mickey", "cheese")
+
+ # create a device_id longer than 512 characters
+ device_id = "yolo" * 512
+
+ body = {
+ "type": "m.login.password",
+ "user": "mickey",
+ "password": "cheese",
+ "device_id": device_id,
+ }
+
+ # make a login request with the bad device_id
+ channel = self.make_request(
+ "POST",
+ "/_matrix/client/v3/login",
+ json.dumps(body).encode("utf8"),
+ custom_headers=None,
+ )
+
+ # test that the login fails with the correct error code
+ self.assertEqual(channel.code, 400)
+ self.assertEqual(channel.json_body["errcode"], "M_INVALID_PARAM")
+
@skip_unless(has_saml2 and HAS_OIDC, "Requires SAML2 and OIDC")
class MultiSSOTestCase(unittest.HomeserverTestCase):
|
