OpenCloud
/
MatrixSynapse
mirror of https://github.com/matrix-org/synapse
1
0
Fork 0
Code Issues Releases Wiki Activity

Remove trailing slash ability from password reset's submit_token endpoint (#6074) 

Remove trailing slash ability from the password reset submit_token endpoint. Since we provide the link in an email, and have never sent it with a trailing slash, there's no point for us to accept them on the endpoint.
pull/6083/head
Andrew Morgan 2019-09-20 14:58:37 +01:00 committed by GitHub
parent aeb40f355c
commit 7763dd3e95
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/6074.feature Normal file
View File

@ -0,0 +1 @@
Prevent password reset's submit_token endpoint from accepting trailing slashes.

2
synapse/rest/client/v2_alpha/account.py
View File

@ -200,7 +200,7 @@ class PasswordResetSubmitTokenServlet(RestServlet):
"""Handles 3PID validation token submission""" """Handles 3PID validation token submission"""
PATTERNS = client_patterns( PATTERNS = client_patterns(
"/password_reset/(?P<medium>[^/]*)/submit_token/*$", releases=(), unstable=True "/password_reset/(?P<medium>[^/]*)/submit_token$", releases=(), unstable=True
) )
def __init__(self, hs): def __init__(self, hs):