From 1383508f2956345fd86de1779dd2f6e723c536c5 Mon Sep 17 00:00:00 2001 From: Patrick Cloke Date: Tue, 16 Mar 2021 07:29:35 -0400 Subject: Handle an empty cookie as an invalid macaroon. (#9620) * Handle an empty cookie as an invalid macaroon. * Newsfragment --- synapse/handlers/oidc_handler.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'synapse') diff --git a/synapse/handlers/oidc_handler.py b/synapse/handlers/oidc_handler.py index 01c91f9d1c..6d8551a6d6 100644 --- a/synapse/handlers/oidc_handler.py +++ b/synapse/handlers/oidc_handler.py @@ -29,6 +29,7 @@ from authlib.oidc.discovery import OpenIDProviderMetadata, get_well_known_url from jinja2 import Environment, Template from pymacaroons.exceptions import ( MacaroonDeserializationException, + MacaroonInitException, MacaroonInvalidSignatureException, ) from typing_extensions import TypedDict @@ -217,7 +218,7 @@ class OidcHandler: session_data = self._token_generator.verify_oidc_session_token( session, state ) - except (MacaroonDeserializationException, KeyError) as e: + except (MacaroonInitException, MacaroonDeserializationException, KeyError) as e: logger.exception("Invalid session for OIDC callback") self._sso_handler.render_error(request, "invalid_session", str(e)) return -- cgit 1.5.1