OpenCloud
/
MatrixSynapse
mirror of https://github.com/matrix-org/synapse
1
0
Fork 0
Code Issues Releases Wiki Activity

Revert emergency registration patches 

Revert "Merge remote-tracking branch 'origin/clokep/no-validate-ui-auth-sess' into matrix-org-hotfixes"

This reverts commit 5adad58d95, reversing
changes made to 617541c4c6.
pull/8675/head
Richard van der Hoff 2020-05-11 13:08:14 +01:00
parent 5adad58d95
commit 6610343332
3 changed files with 1 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
synapse/handlers/auth.py
View File

@ -317,7 +317,7 @@ class AuthHandler(BaseHandler):
except StoreError: except StoreError:
raise SynapseError(400, "Unknown session ID: %s" % (sid,)) raise SynapseError(400, "Unknown session ID: %s" % (sid,))
if clientdict: if not clientdict:
# This was designed to allow the client to omit the parameters # This was designed to allow the client to omit the parameters
# and just supply the session in subsequent calls so it split # and just supply the session in subsequent calls so it split
# auth between devices by just sharing the session, (eg. so you # auth between devices by just sharing the session, (eg. so you
@ -327,8 +327,6 @@ class AuthHandler(BaseHandler):
# on a homeserver. # on a homeserver.
# Revisit: Assuming the REST APIs do sensible validation, the data # Revisit: Assuming the REST APIs do sensible validation, the data
# isn't arbitrary. # isn't arbitrary.
await self.store.set_ui_auth_clientdict(sid, clientdict)
else:
clientdict = session.clientdict clientdict = session.clientdict
if not authdict: if not authdict:

21
synapse/storage/data_stores/main/ui_auth.py
View File

@ -172,27 +172,6 @@ class UIAuthWorkerStore(SQLBaseStore):
return results return results
async def set_ui_auth_clientdict(
self, session_id: str, clientdict: JsonDict
) -> None:
"""
Store an updated clientdict for a given session ID.
Args:
session_id: The ID of this session as returned from check_auth
clientdict:
The dictionary from the client root level, not the 'auth' key.
"""
# The clientdict gets stored as JSON.
clientdict_json = json.dumps(clientdict)
self.db.simple_update_one(
table="ui_auth_sessions",
keyvalues={"session_id": session_id},
updatevalues={"clientdict": clientdict_json},
desc="set_ui_auth_client_dict",
)
async def set_ui_auth_session_data(self, session_id: str, key: str, value: Any): async def set_ui_auth_session_data(self, session_id: str, key: str, value: Any):
""" """
Store a key-value pair into the sessions data associated with this Store a key-value pair into the sessions data associated with this

3
tests/rest/client/v2_alpha/test_auth.py
View File

@ -182,9 +182,6 @@ class FallbackAuthTests(unittest.HomeserverTestCase):
self.render(request) self.render(request)
self.assertEqual(channel.code, 403) self.assertEqual(channel.code, 403)
# This behavior is currently disabled.
test_cannot_change_operation.skip = True
def test_complete_operation_unknown_session(self): def test_complete_operation_unknown_session(self):
""" """
Attempting to mark an invalid session as complete should error. Attempting to mark an invalid session as complete should error.