diff --git a/synapse/federation/transport.py b/synapse/federation/transport.py
index 93134ee274..7a4c1f6443 100644
--- a/synapse/federation/transport.py
+++ b/synapse/federation/transport.py
@@ -211,36 +211,44 @@ class TransportLayer(object):
if request.method == "PUT":
#TODO: Handle other method types? other content types?
- content_bytes = request.content.read()
- content = json.loads(content_bytes)
- json_request["content"] = content
+ try:
+ content_bytes = request.content.read()
+ content = json.loads(content_bytes)
+ json_request["content"] = content
+ except:
+ raise SynapseError(400, "Unable to parse JSON", Codes.BAD_JSON)
def parse_auth_header(header_str):
- params = auth.split(" ")[1].split(",")
- param_dict = dict(kv.split("=") for kv in params)
- def strip_quotes(value):
- if value.startswith("\""):
- return value[1:-1]
- else:
- return value
- origin = strip_quotes(param_dict["origin"])
- key = strip_quotes(param_dict["key"])
- sig = strip_quotes(param_dict["sig"])
- return (origin, key, sig)
+ try:
+ params = auth.split(" ")[1].split(",")
+ param_dict = dict(kv.split("=") for kv in params)
+ def strip_quotes(value):
+ if value.startswith("\""):
+ return value[1:-1]
+ else:
+ return value
+ origin = strip_quotes(param_dict["origin"])
+ key = strip_quotes(param_dict["key"])
+ sig = strip_quotes(param_dict["sig"])
+ return (origin, key, sig)
+ except:
+ raise SynapseError(
+ 400, "Malformed Authorization Header", Codes.FORBIDDEN
+ )
auth_headers = request.requestHeaders.getRawHeaders(b"Authorization")
- if not auth_headers:
- raise SynapseError(
- 401, "Missing Authorization headers", Codes.FORBIDDEN,
- )
-
for auth in auth_headers:
if auth.startswith("X-Matrix"):
(origin, key, sig) = parse_auth_header(auth)
json_request["origin"] = origin
json_request["signatures"].setdefault(origin,{})[key] = sig
+ if not json_request["signatures"]:
+ raise SynapseError(
+ 401, "Missing Authorization headers", Codes.FORBIDDEN,
+ )
+
yield self.keyring.verify_json_for_server(origin, json_request)
defer.returnValue((origin, content))
diff --git a/tests/utils.py b/tests/utils.py
index 83dbd4f4d3..60fd6085ac 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -79,6 +79,10 @@ class MockHttpResource(HttpServer):
mock_request.method = http_method
mock_request.uri = path
+ mock_request.requestHeaders.getRawHeaders.return_value=[
+ "X-Matrix origin=test,key=,sig="
+ ]
+
# return the right path if the event requires it
mock_request.path = path
|
