Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Add validation of format for 3pid and add validation of 3pid in admin api #7022

Closed
wants to merge 8 commits into from
Closed
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Not final commit, update of PR after review.
dklimpel committed Mar 30, 2020
commit dbaf0a3fc26f3d7e2d02c3c9f30d281ecba4fd10
1 change: 0 additions & 1 deletion changelog.d/6398.bugfix

This file was deleted.

4 changes: 2 additions & 2 deletions synapse/rest/admin/users.py
Original file line number Diff line number Diff line change
@@ -203,7 +203,7 @@ async def on_PUT(self, request, user_id):
if not check_3pid_valid_format(threepid["medium"], address):
raise SynapseError(
400,
"Third party identifier has not a valid format",
"Third party identifier has an invalid format",
Codes.INVALID_THREEPID,
)

@@ -306,7 +306,7 @@ async def on_PUT(self, request, user_id):
if not check_3pid_valid_format(threepid["medium"], address):
raise SynapseError(
400,
"Third party identifier has not a valid format",
"Third party identifier has an invalid format",
Codes.INVALID_THREEPID,
)

6 changes: 3 additions & 3 deletions synapse/rest/client/v2_alpha/account.py
Original file line number Diff line number Diff line change
@@ -91,7 +91,7 @@ async def on_POST(self, request):
if not check_3pid_valid_format("email", email):
raise SynapseError(
400,
"Third party identifier has not a valid format",
"Third party identifier has an invalid format",
Codes.INVALID_THREEPID,
)

@@ -373,7 +373,7 @@ async def on_POST(self, request):
if not check_3pid_valid_format("email", email):
raise SynapseError(
400,
"Third party identifier has not a valid format",
"Third party identifier has an invalid format",
Codes.INVALID_THREEPID,
)

@@ -445,7 +445,7 @@ async def on_POST(self, request):
if not check_3pid_valid_format("msisdn", msisdn):
raise SynapseError(
400,
"Third party identifier has not a valid format",
"Third party identifier has an invalid format",
Codes.INVALID_THREEPID,
)

6 changes: 3 additions & 3 deletions synapse/rest/client/v2_alpha/register.py
Original file line number Diff line number Diff line change
@@ -126,7 +126,7 @@ async def on_POST(self, request):
if not check_3pid_valid_format("email", email):
raise SynapseError(
400,
"Third party identifier has not a valid format",
"Third party identifier has an invalid format",
Codes.INVALID_THREEPID,
)

@@ -200,7 +200,7 @@ async def on_POST(self, request):
if not check_3pid_valid_format("msisdn", msisdn):
raise SynapseError(
400,
"Third party identifier has not a valid format",
"Third party identifier has an invalid format",
Codes.INVALID_THREEPID,
)

@@ -531,7 +531,7 @@ async def on_POST(self, request):
if not check_3pid_valid_format(medium, address):
raise SynapseError(
400,
"Third party identifier has not a valid format",
"Third party identifier has an invalid format",
Codes.INVALID_THREEPID,
)

11 changes: 5 additions & 6 deletions synapse/util/threepids.py
Original file line number Diff line number Diff line change
@@ -50,7 +50,7 @@ def check_3pid_allowed(hs, medium, address):
return False


def check_3pid_valid_format(medium, address):
def check_3pid_valid_format(medium, address) -> bool:
"""Checks whether 3pid has a valid format

Args:
@@ -60,12 +60,11 @@ def check_3pid_valid_format(medium, address):
bool: whether the email address has a valid format
"""

# medium must be "email" or "msisdn"
if medium == "email":
regex = r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)"
if re.search(regex, address):
return True
else:
return False
regex = r"^[^@]+@[^@]+\.[^@]+$"
return bool(re.fullmatch(regex, address))
# no validation/pattern for "msisdn" at the moment
elif medium == "msisdn":
return True
else:
11 changes: 4 additions & 7 deletions tests/rest/admin/test_user.py
Original file line number Diff line number Diff line change
@@ -22,6 +22,7 @@

import synapse.rest.admin
from synapse.api.constants import UserTypes
from synapse.api.errors import Codes
from synapse.rest.client.v1 import login

from tests import unittest
@@ -624,7 +625,7 @@ def test_set_duplicate_threepid(self):
self.render(request)

self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("Threepid is already in use", channel.json_body["error"])
self.assertEqual(Codes.THREEPID_IN_USE, channel.json_body["errcode"])

def test_set_invalid_threepid(self):
"""
@@ -644,9 +645,7 @@ def test_set_invalid_threepid(self):
self.render(request)

self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(
"Third party identifier has not a valid format", channel.json_body["error"]
)
self.assertEqual(Codes.INVALID_THREEPID, channel.json_body["errcode"])

def test_set_not_allowed_threepid(self):
"""
@@ -671,9 +670,7 @@ def test_set_not_allowed_threepid(self):
self.render(request)

self.assertEqual(403, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(
"Your email domain or account phone number is not authorized on this server",
channel.json_body["error"],
self.assertEqual(Codes.THREEPID_DENIED, channel.json_body["errcode"],
)

def test_deactivate_user(self):