From 6fbf89a166057d657b3fb742efdfccbedbfc8436 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Thu, 24 Sep 2020 17:16:59 +0100 Subject: [PATCH] Return the correct error codes for v6 invite JSON violations (#1440) * Return the correct error codes for v6 invite JSON violations * Update sytest-whitelist --- federationapi/routing/invite.go | 21 ++++++++++++++++++--- federationapi/routing/leave.go | 9 ++++++++- sytest-whitelist | 2 ++ 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/federationapi/routing/invite.go b/federationapi/routing/invite.go index 6ce100ef..16c0441b 100644 --- a/federationapi/routing/invite.go +++ b/federationapi/routing/invite.go @@ -39,7 +39,15 @@ func InviteV2( keys gomatrixserverlib.JSONVerifier, ) util.JSONResponse { inviteReq := gomatrixserverlib.InviteV2Request{} - if err := json.Unmarshal(request.Content(), &inviteReq); err != nil { + err := json.Unmarshal(request.Content(), &inviteReq) + switch err.(type) { + case gomatrixserverlib.BadJSONError: + return util.JSONResponse{ + Code: http.StatusBadRequest, + JSON: jsonerror.BadJSON(err.Error()), + } + case nil: + default: return util.JSONResponse{ Code: http.StatusBadRequest, JSON: jsonerror.NotJSON("The request body could not be decoded into an invite request. " + err.Error()), @@ -63,10 +71,17 @@ func InviteV1( roomVer := gomatrixserverlib.RoomVersionV1 body := request.Content() event, err := gomatrixserverlib.NewEventFromTrustedJSON(body, false, roomVer) - if err != nil { + switch err.(type) { + case gomatrixserverlib.BadJSONError: return util.JSONResponse{ Code: http.StatusBadRequest, - JSON: jsonerror.NotJSON("The request body could not be decoded into an invite v1 request: " + err.Error()), + JSON: jsonerror.BadJSON(err.Error()), + } + case nil: + default: + return util.JSONResponse{ + Code: http.StatusBadRequest, + JSON: jsonerror.NotJSON("The request body could not be decoded into an invite v1 request. " + err.Error()), } } var strippedState []gomatrixserverlib.InviteV2StrippedState diff --git a/federationapi/routing/leave.go b/federationapi/routing/leave.go index 8bb0a8a9..e16dfcc2 100644 --- a/federationapi/routing/leave.go +++ b/federationapi/routing/leave.go @@ -138,7 +138,14 @@ func SendLeave( // Decode the event JSON from the request. event, err := gomatrixserverlib.NewEventFromUntrustedJSON(request.Content(), verRes.RoomVersion) - if err != nil { + switch err.(type) { + case gomatrixserverlib.BadJSONError: + return util.JSONResponse{ + Code: http.StatusBadRequest, + JSON: jsonerror.BadJSON(err.Error()), + } + case nil: + default: return util.JSONResponse{ Code: http.StatusBadRequest, JSON: jsonerror.NotJSON("The request body could not be decoded into valid JSON. " + err.Error()), diff --git a/sytest-whitelist b/sytest-whitelist index f609dd6a..e049f8e7 100644 --- a/sytest-whitelist +++ b/sytest-whitelist @@ -478,3 +478,5 @@ Inbound federation accepts a second soft-failed event Federation key API can act as a notary server via a POST request Federation key API can act as a notary server via a GET request Inbound /make_join rejects attempts to join rooms where all users have left +Inbound federation rejects invites which include invalid JSON for room version 6 +Inbound federation rejects invite rejections which include invalid JSON for room version 6