This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Don't fail /submit_token requests on incorrect session ID if request_token_inhibit_3pid_errors is turned on #7991

Merged
merged 9 commits into from
Aug 24, 2020
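--- a/synapse/storage/databases/main/registration.py
+++ b/synapse/storage/databases/main/registration.py
@@ -1323,6 +1323,14 @@ def validate_threepid_session_txn(txn):
 
 if not row:
 if self._ignore_unknown_session_error:
+# If we need to inhibit the error caused by an incorrect session,
+# use None as placeholder values for the client secret and the
+# validation timestamp if the session ID doesn't exist.
+# It shouldn't be an issue because they're both only checked after
+# the token check, which should fail. And if it doesn't for some
+# reason, the next check is on the client secret, which is NOT NULL,
+# so we don't have to worry about the client secret matching by
+# accident.
 row = {"client_secret": None, "validated_at": None}
 else:
 raise ThreepidValidationError(400, "Unknown session_id")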
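Review bot: The added comment credits the safety of the `None` placeholder to the client secret being NOT NULL, but that constraint describes the stored column, and the placeholder row never comes from the database. What actually keeps `row["client_secret"]` from matching is that the caller-supplied `client_secret` is never `None`, and this hunk does not show that being enforced. The comment could say so directly, for example `# The placeholder can only match if the caller passes client_secret=None, which request validation is expected to reject.`, and it is worth confirming that this holds for every caller. The token and client-secret checks the comment relies on sit further down in `validate_threepid_session_txn`, outside the hunk.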
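--- a/tests/storage/test_registration.py
+++ b/tests/storage/test_registration.py
@@ -17,6 +17,7 @@
 from twisted.internet import defer
 
 from synapse.api.constants import UserTypes
+from synapse.api.errors import ThreepidValidationError
 
 from tests import unittest
 from tests.utils import setup_test_homeserver
@@ -116,3 +117,29 @@ def test_is_support_user(self):
 )
 res = yield self.store.is_support_user(SUPPORT_USER)
 self.assertTrue(res)
+
+@defer.inlineCallbacks
+def test_3pid_inhibit_invalid_validation_session_error(self):
+"""Tests that enabling the configuration option to inhibit 3PID errors on
+/requestToken also inhibits validation errors caused by an unknown session ID.
+"""
+
+# Check that, with the config setting set to false (the default value), a
+# validation error is caused by the unknown session ID.
+try:
+yield self.store.validate_threepid_session(
+"fake_sid", "fake_client_secret", "fake_token", 0,
+)
+except ThreepidValidationError as e:
+self.assertEquals(e.msg, "Unknown session_id", e)
+
+# Set the config setting to true.
+self.store._ignore_unknown_session_error = True
+
+# Check that now the validation error is caused by the token not matching.
+try:
+yield self.store.validate_threepid_session(
+"fake_sid", "fake_client_secret", "fake_token", 0,
+)
+except ThreepidValidationError as e:
+self.assertEquals(e.msg, "Validation token not found or has expired", e)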
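Review bot: Both `try`/`except ThreepidValidationError` blocks in `test_3pid_inhibit_invalid_validation_session_error` pass silently when `validate_threepid_session` returns without raising, so the test would not catch a regression in which an unknown session ID is accepted. Adding `else: self.fail("validate_threepid_session did not raise")` to each block makes the expected rejection mandatory in both the default and the inhibited configuration. As a smaller point, `assertEquals` is a deprecated alias and `assertEqual` is the preferred spelling.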