From 7c98ba64aa3f64be9aff77f36c33d2d48d9653b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20K=C3=B6sters?= <timo@koesters.xyz>
Date: Sat, 15 Oct 2022 16:56:08 +0200
Subject: [PATCH] fix: HEAD requests should produce METHOD_NOT_ALLOWED

---
 src/api/client_server/directory.rs | 11 ++---------
 src/api/client_server/sync.rs      |  2 +-
 src/main.rs                        | 18 ++++++++++++------
 3 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/src/api/client_server/directory.rs b/src/api/client_server/directory.rs
index a7381d8d1..f07a22542 100644
--- a/src/api/client_server/directory.rs
+++ b/src/api/client_server/directory.rs
@@ -87,10 +87,7 @@ pub async fn set_room_visibility_route(
 
     if !services().rooms.metadata.exists(&body.room_id)? {
         // Return 404 if the room doesn't exist
-        return Err(Error::BadRequest(
-            ErrorKind::NotFound,
-            "Room not found",
-        ));
+        return Err(Error::BadRequest(ErrorKind::NotFound, "Room not found"));
     }
 
     match &body.visibility {
@@ -116,13 +113,9 @@ pub async fn set_room_visibility_route(
 pub async fn get_room_visibility_route(
     body: Ruma<get_room_visibility::v3::IncomingRequest>,
 ) -> Result<get_room_visibility::v3::Response> {
-
     if !services().rooms.metadata.exists(&body.room_id)? {
         // Return 404 if the room doesn't exist
-        return Err(Error::BadRequest(
-            ErrorKind::NotFound,
-            "Room not found",
-        ));
+        return Err(Error::BadRequest(ErrorKind::NotFound, "Room not found"));
     }
 
     Ok(get_room_visibility::v3::Response {
diff --git a/src/api/client_server/sync.rs b/src/api/client_server/sync.rs
index 828ae19c7..7de274b27 100644
--- a/src/api/client_server/sync.rs
+++ b/src/api/client_server/sync.rs
@@ -905,7 +905,7 @@ async fn sync_helper(
         let leave_shortstatekey = services()
             .rooms
             .short
-            .get_or_create_shortstatekey(&StateEventType::RoomMember, &sender_user.as_str())?;
+            .get_or_create_shortstatekey(&StateEventType::RoomMember, sender_user.as_str())?;
 
         left_state_ids.insert(leave_shortstatekey, left_event_id);
 
diff --git a/src/main.rs b/src/main.rs
index 626de3ae7..a782de021 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -24,10 +24,13 @@
 };
 use http::{
     header::{self, HeaderName},
-    Method, Uri,
+    Method, StatusCode, Uri,
 };
 use opentelemetry::trace::{FutureExt, Tracer};
-use ruma::api::{client::error::ErrorKind, IncomingRequest};
+use ruma::api::{
+    client::{error::Error as RumaError, error::ErrorKind, uiaa::UiaaResponse},
+    IncomingRequest,
+};
 use tokio::signal;
 use tower::ServiceBuilder;
 use tower_http::{
@@ -191,15 +194,18 @@ async fn run_server() -> io::Result<()> {
 async fn unrecognized_method<B>(
     req: axum::http::Request<B>,
     next: axum::middleware::Next<B>,
-) -> std::result::Result<axum::response::Response, axum::http::StatusCode> {
+) -> std::result::Result<axum::response::Response, StatusCode> {
     let method = req.method().clone();
     let uri = req.uri().clone();
     let inner = next.run(req).await;
     if inner.status() == axum::http::StatusCode::METHOD_NOT_ALLOWED {
         warn!("Method not allowed: {method} {uri}");
-        return Ok(
-            Error::BadRequest(ErrorKind::Unrecognized, "Unrecognized request").into_response(),
-        );
+        return Ok(RumaResponse(UiaaResponse::MatrixError(RumaError {
+            kind: ErrorKind::Unrecognized,
+            message: "M_UNRECOGNIZED: Unrecognized request".to_owned(),
+            status_code: StatusCode::METHOD_NOT_ALLOWED,
+        }))
+        .into_response());
     }
     Ok(inner)
 }
-- 
GitLab