Return proper error in case of invalid UTF-8 in json_body

json_body is used in places that need authentication. In case an unknown field is set, Ruma doesn't parse the field and so doesn't give an error on invalid UTF-8. But Conduit has parsed and on error makes json_body None. Return an error to the client instead of generating an internal error.
2021-06-30 23:12:22 +02:00 · 2021-06-30 23:12:22 +02:00 · 699f77671f
parent cc9111059d
commit 699f77671f
3 changed files with 53 additions and 49 deletions
--- a/src/client_server/account.rs
+++ b/src/client_server/account.rs
@ -157,15 +157,19 @@ pub async fn register_route(
            }
        // Success!
        } else {
-            uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
-            db.uiaa.create(
-                &UserId::parse_with_server_name("", db.globals.server_name())
-                    .expect("we know this is valid"),
-                "".into(),
-                &uiaainfo,
-                &body.json_body.expect("body is json"),
-            )?;
-            return Err(Error::Uiaa(uiaainfo));
+            if let Some(json) = body.json_body {
+                uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
+                db.uiaa.create(
+                    &UserId::parse_with_server_name("", db.globals.server_name())
+                        .expect("we know this is valid"),
+                    "".into(),
+                    &uiaainfo,
+                    &json,
+                )?;
+                return Err(Error::Uiaa(uiaainfo));
+            } else {
+                return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
+            }
        }
    }

@ -526,14 +530,14 @@ pub async fn change_password_route(
        }
    // Success!
    } else {
-        uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
-        db.uiaa.create(
-            &sender_user,
-            &sender_device,
-            &uiaainfo,
-            &body.json_body.expect("body is json"),
-        )?;
-        return Err(Error::Uiaa(uiaainfo));
+        if let Some(json) = body.json_body {
+            uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
+            db.uiaa
+                .create(&sender_user, &sender_device, &uiaainfo, &json)?;
+            return Err(Error::Uiaa(uiaainfo));
+        } else {
+            return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
+        }
    }

    db.users
@ -618,14 +622,14 @@ pub async fn deactivate_route(
        }
    // Success!
    } else {
-        uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
-        db.uiaa.create(
-            &sender_user,
-            &sender_device,
-            &uiaainfo,
-            &body.json_body.expect("body is json"),
-        )?;
-        return Err(Error::Uiaa(uiaainfo));
+        if let Some(json) = body.json_body {
+            uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
+            db.uiaa
+                .create(&sender_user, &sender_device, &uiaainfo, &json)?;
+            return Err(Error::Uiaa(uiaainfo));
+        } else {
+            return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
+        }
    }

    // Leave all joined rooms and reject all invitations
--- a/src/client_server/device.rs
+++ b/src/client_server/device.rs
@ -116,14 +116,14 @@ pub async fn delete_device_route(
        }
    // Success!
    } else {
-        uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
-        db.uiaa.create(
-            &sender_user,
-            &sender_device,
-            &uiaainfo,
-            &body.json_body.expect("body is json"),
-        )?;
-        return Err(Error::Uiaa(uiaainfo));
+        if let Some(json) = body.json_body {
+            uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
+            db.uiaa
+                .create(&sender_user, &sender_device, &uiaainfo, &json)?;
+            return Err(Error::Uiaa(uiaainfo));
+        } else {
+            return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
+        }
    }

    db.users.remove_device(&sender_user, &body.device_id)?;
@ -170,14 +170,14 @@ pub async fn delete_devices_route(
        }
    // Success!
    } else {
-        uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
-        db.uiaa.create(
-            &sender_user,
-            &sender_device,
-            &uiaainfo,
-            &body.json_body.expect("body is json"),
-        )?;
-        return Err(Error::Uiaa(uiaainfo));
+        if let Some(json) = body.json_body {
+            uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
+            db.uiaa
+                .create(&sender_user, &sender_device, &uiaainfo, &json)?;
+            return Err(Error::Uiaa(uiaainfo));
+        } else {
+            return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
+        }
    }

    for device_id in &body.devices {
--- a/src/client_server/keys.rs
+++ b/src/client_server/keys.rs
@ -145,14 +145,14 @@ pub async fn upload_signing_keys_route(
        }
    // Success!
    } else {
-        uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
-        db.uiaa.create(
-            &sender_user,
-            &sender_device,
-            &uiaainfo,
-            &body.json_body.expect("body is json"),
-        )?;
-        return Err(Error::Uiaa(uiaainfo));
+        if let Some(json) = body.json_body {
+            uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
+            db.uiaa
+                .create(&sender_user, &sender_device, &uiaainfo, &json)?;
+            return Err(Error::Uiaa(uiaainfo));
+        } else {
+            return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
+        }
    }

    if let Some(master_key) = &body.master_key {