Add additional validation for the admin register endpoint. (#8837)

edwargix · web-flow · commit c4675e1b24f0 · 2020-12-02T10:01:15.000-05:00
Raise a proper 400 error if the `mac` field is missing.
diff --git a/changelog.d/8837.bugfix b/changelog.d/8837.bugfix
@@ -0,0 +1 @@
+Fix a long standing bug in the register admin endpoint (`/_synapse/admin/v1/register`) when the `mac` field was not provided. The endpoint now properly returns a 400 error. Contributed by @edwargix.
diff --git a/synapse/rest/admin/users.py b/synapse/rest/admin/users.py
@@ -420,6 +420,9 @@ async def on_POST(self, request):
         if user_type is not None and user_type not in UserTypes.ALL_USER_TYPES:
             raise SynapseError(400, "Invalid user type")
 
+        if "mac" not in body:
+            raise SynapseError(400, "mac must be specified", errcode=Codes.BAD_JSON)
+
         got_mac = body["mac"]
 
         want_mac_builder = hmac.new(

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+Fix a long standing bug in the register admin endpoint (`/_synapse/admin/v1/register`) when the `mac` field was not provided. The endpoint now properly returns a 400 error. Contributed by @edwargix.