From 14a73713751f2aea2932708d25eb13dd89f67fa2 Mon Sep 17 00:00:00 2001
From: Patrick Cloke <clokep@users.noreply.github.com>
Date: Tue, 29 Dec 2020 12:47:45 -0500
Subject: [PATCH] Validate input parameters for the sendToDevice API. (#8975)

This makes the "messages" key in the content required. This is currently
optional in the spec, but that seems to be an error.
---
 changelog.d/8975.bugfix                      | 1 +
 synapse/rest/client/v2_alpha/sendtodevice.py | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/8975.bugfix

diff --git a/changelog.d/8975.bugfix b/changelog.d/8975.bugfix
new file mode 100644
index 0000000000..75049b8e18
--- /dev/null
+++ b/changelog.d/8975.bugfix
@@ -0,0 +1 @@
+Add validation to the `sendToDevice` API to raise a missing parameters error instead of a 500 error.
diff --git a/synapse/rest/client/v2_alpha/sendtodevice.py b/synapse/rest/client/v2_alpha/sendtodevice.py
index bc4f43639a..a3dee14ed4 100644
--- a/synapse/rest/client/v2_alpha/sendtodevice.py
+++ b/synapse/rest/client/v2_alpha/sendtodevice.py
@@ -17,7 +17,7 @@ import logging
 from typing import Tuple
 
 from synapse.http import servlet
-from synapse.http.servlet import parse_json_object_from_request
+from synapse.http.servlet import assert_params_in_dict, parse_json_object_from_request
 from synapse.logging.opentracing import set_tag, trace
 from synapse.rest.client.transactions import HttpTransactionCache
 
@@ -54,6 +54,7 @@ class SendToDeviceRestServlet(servlet.RestServlet):
         requester = await self.auth.get_user_by_req(request, allow_guest=True)
 
         content = parse_json_object_from_request(request)
+        assert_params_in_dict(content, ("messages",))
 
         sender_user_id = requester.user.to_string()
 
-- 
GitLab