This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Synapse reads timeout on /keys/query CS endpoint as a query parameter, not from the JSON body #14285

Open
DMRobertson opened this issue Oct 24, 2022 · 1 comment
Labels
- A-Spec-Compliance: places where synapse does not conform to the spec
- A-Validation: 500 (mostly) errors due to lack of event/parameter validation
- O-Occasional: Affects or can be seen by some users regularly or most users rarely
- S-Tolerable: Minor significance, cosmetic issues, low or no impact to users.
- T-Defect: Bugs, crashes, hangs, security vulnerabilities, or other reported issues.

Comments

@DMRobertson
Contributor

```python
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
    requester = await self.auth.get_user_by_req(request, allow_guest=True)
    user_id = requester.user.to_string()
    device_id = requester.device_id
    timeout = parse_integer(request, "timeout", 10 * 1000)

    body = parse_json_object_from_request(request)

    device_keys = body.get("device_keys")
    if not isinstance(device_keys, dict):
        raise InvalidAPICallError("'device_keys' must be a JSON object")

    def is_list_of_strings(values: Any) -> bool:
        return isinstance(values, list) and all(isinstance(v, str) for v in values)

    if any(not is_list_of_strings(keys) for keys in device_keys.values()):
        raise InvalidAPICallError(
            "'device_keys' values must be a list of strings",
        )

    result = await self.e2e_keys_handler.query_devices(
        body, timeout, user_id, device_id
    )
    return 200, result
```

Spec: https://spec.matrix.org/v1.4/client-server-api/#post_matrixclientv3keysquery

Would be ideally fixed by #14266.
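
Added example, not Synapse's code and not the change proposed in #14266: a standalone sketch that validates a `/keys/query` request body and takes `timeout` from the JSON body, as the issue title describes, instead of from the query string. The names `parse_keys_query` and `InvalidBody`, the sample body, and the rule that `timeout` must be a non-negative integer are assumptions made for illustration.

```python
import json
from typing import Any, Dict, List, Tuple

DEFAULT_TIMEOUT_MS = 10 * 1000  # same default as the handler quoted in the issue

# Constructed sample request body (not captured from a real client).
SAMPLE_BODY = b'{"device_keys": {"@alice:example.org": []}, "timeout": 2500}'


class InvalidBody(ValueError):
    """Hypothetical stand-in for a 400-class API error."""


def _is_list_of_strings(values: Any) -> bool:
    return isinstance(values, list) and all(isinstance(v, str) for v in values)


def parse_keys_query(raw_body: bytes) -> Tuple[Dict[str, List[str]], int]:
    """Return (device_keys, timeout_ms), reading both from the JSON body."""
    try:
        body = json.loads(raw_body)
    except ValueError as e:  # covers bad JSON and undecodable bytes
        raise InvalidBody("body is not valid JSON") from e
    if not isinstance(body, dict):
        raise InvalidBody("body must be a JSON object")

    device_keys = body.get("device_keys")
    if not isinstance(device_keys, dict):
        raise InvalidBody("'device_keys' must be a JSON object")
    if any(not _is_list_of_strings(keys) for keys in device_keys.values()):
        raise InvalidBody("'device_keys' values must be a list of strings")

    timeout = body.get("timeout", DEFAULT_TIMEOUT_MS)
    # bool is a subclass of int in Python, so it is excluded explicitly.
    # Rejecting negative values is an assumption of this example.
    if isinstance(timeout, bool) or not isinstance(timeout, int) or timeout < 0:
        raise InvalidBody("'timeout' must be a non-negative integer")
    return device_keys, timeout


if __name__ == "__main__":
    print(parse_keys_query(SAMPLE_BODY))
```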
