Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Additional validation for /receipts.
Browse files Browse the repository at this point in the history
  • Loading branch information
@clokep
clokep committed Sep 23, 2022
1 parent 32a54f3 commit 0b892c5
Showing 1 changed file with 20 additions and 2 deletions.
22 changes: 20 additions & 2 deletions synapse/rest/client/receipts.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
from typing import TYPE_CHECKING, Tuple

from synapse.api.constants import ReceiptTypes
from synapse.api.errors import SynapseError
from synapse.api.errors import Codes, SynapseError
from synapse.http.server import HttpServer
from synapse.http.servlet import RestServlet, parse_json_object_from_request
from synapse.http.site import SynapseRequest
Expand All @@ -43,6 +43,7 @@ def __init__(self, hs: "HomeServer"):
self.receipts_handler = hs.get_receipts_handler()
self.read_marker_handler = hs.get_read_marker_handler()
self.presence_handler = hs.get_presence_handler()
self._main_store = hs.get_datastores().main

self._known_receipt_types = {
ReceiptTypes.READ,
Expand Down Expand Up @@ -71,7 +72,24 @@ async def on_POST(
thread_id = body.get("thread_id")
if not thread_id or not isinstance(thread_id, str):
raise SynapseError(
400, "thread_id field must be a non-empty string"
400,
"thread_id field must be a non-empty string",
Codes.INVALID_PARAM,
)

if receipt_type == ReceiptTypes.FULLY_READ:
raise SynapseError(
400,
f"thread_id is not compatible with {ReceiptTypes.FULLY_READ} receipts.",
Codes.INVALID_PARAM,
)

# Ensure the event ID roughly correlates to the thread ID.
if thread_id != await self._main_store.get_thread_id(event_id):
raise SynapseError(
400,
f"event_id {event_id} is not related to thread {thread_id}",
Codes.INVALID_PARAM,
)

await self.presence_handler.bump_presence_active_time(requester.user)
Expand Down

0 comments on commit 0b892c5

Please sign in to comment.