From 731dfff3478d44cfe9b00491c353ca1086a70994 Mon Sep 17 00:00:00 2001 From: Patrick Cloke Date: Thu, 20 Aug 2020 06:41:32 -0400 Subject: Ensure a group ID is valid before trying to get rooms for it. (#8129) --- changelog.d/8129.bugfix | 1 + synapse/rest/client/v2_alpha/groups.py | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 changelog.d/8129.bugfix diff --git a/changelog.d/8129.bugfix b/changelog.d/8129.bugfix new file mode 100644 index 0000000000..79eae9db6b --- /dev/null +++ b/changelog.d/8129.bugfix @@ -0,0 +1 @@ +Return a proper error code when the rooms of an invalid group are requested. diff --git a/synapse/rest/client/v2_alpha/groups.py b/synapse/rest/client/v2_alpha/groups.py index d84a6d7e11..13ecf7005d 100644 --- a/synapse/rest/client/v2_alpha/groups.py +++ b/synapse/rest/client/v2_alpha/groups.py @@ -16,6 +16,7 @@ import logging +from synapse.api.errors import SynapseError from synapse.http.servlet import RestServlet, parse_json_object_from_request from synapse.types import GroupID @@ -325,6 +326,9 @@ class GroupRoomServlet(RestServlet): requester = await self.auth.get_user_by_req(request, allow_guest=True) requester_user_id = requester.user.to_string() + if not GroupID.is_valid(group_id): + raise SynapseError(400, "%s was not legal group ID" % (group_id,)) + result = await self.groups_handler.get_rooms_in_group( group_id, requester_user_id ) -- cgit 1.4.1