From 052cf9cbcb5ec43ca93d8e5f1402a505f6092cbf Mon Sep 17 00:00:00 2001 From: David Florness Date: Fri, 27 Nov 2020 14:14:37 -0500 Subject: [PATCH] Raise 400 error for /_synapse/admin/v1/register on missing mac Signed-off-by: David Florness --- changelog.d/8837.bugfix | 1 + synapse/rest/admin/users.py | 3 +++ 2 files changed, 4 insertions(+) create mode 100644 changelog.d/8837.bugfix diff --git a/changelog.d/8837.bugfix b/changelog.d/8837.bugfix new file mode 100644 index 000000000000..b2977d0c312e --- /dev/null +++ b/changelog.d/8837.bugfix @@ -0,0 +1 @@ +Fix a long standing bug in the register admin endpoint (`/_synapse/admin/v1/register`) when the `mac` field was not provided. The endpoint now properly returns a 400 error. Contributed by @edwargix. diff --git a/synapse/rest/admin/users.py b/synapse/rest/admin/users.py index b0ff5e1ead22..90940ff18549 100644 --- a/synapse/rest/admin/users.py +++ b/synapse/rest/admin/users.py @@ -420,6 +420,9 @@ async def on_POST(self, request): if user_type is not None and user_type not in UserTypes.ALL_USER_TYPES: raise SynapseError(400, "Invalid user type") + if "mac" not in body: + raise SynapseError(400, "mac must be specified", errcode=Codes.BAD_JSON) + got_mac = body["mac"] want_mac_builder = hmac.new(