From 2d9995358dcd0ee21a0cf94f6312d12a93bf9af6 Mon Sep 17 00:00:00 2001 From: Raju Date: Sun, 16 Jul 2023 10:36:15 +0600 Subject: [PATCH 1/6] fix: add dict instance check before accessing it --- synapse/handlers/auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index 59ecafa6a094..eedf92a83bb4 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -483,7 +483,7 @@ async def check_ui_auth( sid: Optional[str] = None authdict = clientdict.pop("auth", {}) - if "session" in authdict: + if isintance(authdict, dict) and "session" in authdict: sid = authdict["session"] # Convert the URI and method to strings. From 0560a7b4f22bad5481f9c31f22f1607fbbf2e2f0 Mon Sep 17 00:00:00 2001 From: Raju Date: Sun, 16 Jul 2023 15:57:24 +0600 Subject: [PATCH 2/6] fix: fixing a typo of a method name isinstance my last commit --- synapse/handlers/auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index eedf92a83bb4..5f4c7deb24cd 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -483,7 +483,7 @@ async def check_ui_auth( sid: Optional[str] = None authdict = clientdict.pop("auth", {}) - if isintance(authdict, dict) and "session" in authdict: + if isinstance(authdict, dict) and "session" in authdict: sid = authdict["session"] # Convert the URI and method to strings. From 6fc5e785e405610dc50ca4d5d62bd08a212b6ed4 Mon Sep 17 00:00:00 2001 From: Raju Date: Sun, 16 Jul 2023 21:02:39 +0600 Subject: [PATCH 3/6] fix: Added changelog file for this fix --- changelog.d/15944.bugfix | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 changelog.d/15944.bugfix diff --git a/changelog.d/15944.bugfix b/changelog.d/15944.bugfix new file mode 100644 index 000000000000..e69de29bb2d1 From fe888d2acdf2a59701cb7d91188c019aab876760 Mon Sep 17 00:00:00 2001 From: Raju Date: Mon, 17 Jul 2023 11:10:45 +0600 Subject: [PATCH 4/6] Added . at the end of line in changelog file --- changelog.d/15944.bugfix | 1 + 1 file changed, 1 insertion(+) diff --git a/changelog.d/15944.bugfix b/changelog.d/15944.bugfix index e69de29bb2d1..9cbbad49071d 100644 --- a/changelog.d/15944.bugfix +++ b/changelog.d/15944.bugfix @@ -0,0 +1 @@ +Add dic instance check before accessing auth session. From 3127227ca057dc256fbb409f1996d9c009c635ff Mon Sep 17 00:00:00 2001 From: Raju Date: Tue, 25 Jul 2023 00:04:15 +0600 Subject: [PATCH 5/6] Throwing error if client data is not dict --- synapse/handlers/auth.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index 5f4c7deb24cd..6050047b3262 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -483,7 +483,11 @@ async def check_ui_auth( sid: Optional[str] = None authdict = clientdict.pop("auth", {}) - if isinstance(authdict, dict) and "session" in authdict: + if not isinstance(authdict, dict): + raise SynapseError(400, "Interactive auth not yet complete. Client data is " + "not dictionary.") + + if "session" in authdict: sid = authdict["session"] # Convert the URI and method to strings. From 2f43ac765fa479d7e950357a983529631d0d3fb5 Mon Sep 17 00:00:00 2001 From: Raju Date: Fri, 28 Jul 2023 23:37:24 +0600 Subject: [PATCH 6/6] fix code format style --- synapse/handlers/auth.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index 6050047b3262..c7530885cc2a 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -484,9 +484,10 @@ async def check_ui_auth( sid: Optional[str] = None authdict = clientdict.pop("auth", {}) if not isinstance(authdict, dict): - raise SynapseError(400, "Interactive auth not yet complete. Client data is " - "not dictionary.") - + raise SynapseError( + 400, + "Interactive auth not yet complete. Client data is not dictionary.", + ) if "session" in authdict: sid = authdict["session"]