Add additional validation for the admin register endpoint. (#8837)

Raise a proper 400 error if the `mac` field is missing.

Add additional validation for the admin register endpoint. (#8837)
c4675e1b · David Florness · GitHub · e41720d8 · c4675e1b · c4675e1b
Unverified Commit c4675e1b authored 4 years ago by David Florness Committed by GitHub 4 years ago
--- a/changelog.d/8837.bugfix
+++ b/changelog.d/8837.bugfix
+Fix a long standing bug in the register admin endpoint (`/_synapse/admin/v1/register`) when the `mac` field was not provided. The endpoint now properly returns a 400 error. Contributed by @edwargix.
--- a/synapse/rest/admin/users.py
+++ b/synapse/rest/admin/users.py
@@ -420,6 +420,9 @@ class UserRegisterServlet(RestServlet):
        if user_type is not None and user_type not in UserTypes.ALL_USER_TYPES:
            raise SynapseError(400, "Invalid user type")
+        if "mac" not in body:
+            raise SynapseError(400, "mac must be specified", errcode=Codes.BAD_JSON)
        got_mac = body["mac"]
        want_mac_builder = hmac.new(