Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

DELETE /directory/rooms/ALIAS doesn't handle the case of a nonexistant alias #11319

Closed
DMRobertson opened this issue Nov 12, 2021 · 2 comments
Closed

DELETE /directory/rooms/ALIAS doesn't handle the case of a nonexistant alias #11319

DMRobertson opened this issue Nov 12, 2021 · 2 comments

Comments

@DMRobertson
Copy link
Contributor

DMRobertson commented Nov 12, 2021
edited
Loading

Spec says we should return 404.

AFAICS we only return 200 (or maybe 500 if there's an internal server error).

synapse/synapse/rest/client/directory.py

Lines 94 to 124 in 2af6d31

async def on_DELETE(
self, request: SynapseRequest, room_alias: str
) -> Tuple[int, JsonDict]:
room_alias_obj = RoomAlias.from_string(room_alias)
try:
service = self.auth.get_appservice_by_req(request)
await self.directory_handler.delete_appservice_association(
service, room_alias_obj
)
logger.info(
"Application service at %s deleted alias %s",
service.url,
room_alias_obj.to_string(),
)
return 200, {}
except InvalidClientCredentialsError:
# fallback to default user behaviour if they aren't an AS
pass
requester = await self.auth.get_user_by_req(request)
user = requester.user
await self.directory_handler.delete_association(requester, room_alias_obj)
logger.info(
"User %s deleted alias %s", user.to_string(), room_alias_obj.to_string()
)
return 200, {}

Discovered because mypy spotted the return type hint here was wrong (we may return None):

synapse/synapse/storage/databases/main/directory.py

Lines 136 to 159 in 40a1fdd

def _delete_room_alias_txn(self, txn, room_alias: RoomAlias) -> str:
txn.execute(
"SELECT room_id FROM room_aliases WHERE room_alias = ?",
(room_alias.to_string(),),
)
res = txn.fetchone()
if res:
room_id = res[0]
else:
return None
txn.execute(
"DELETE FROM room_aliases WHERE room_alias = ?", (room_alias.to_string(),)
)
txn.execute(
"DELETE FROM room_alias_servers WHERE room_alias = ?",
(room_alias.to_string(),),
)
self._invalidate_cache_and_stream(txn, self.get_aliases_for_room, (room_id,))
return room_id

@DMRobertson DMRobertson added A-Spec-Compliance places where synapse does not conform to the spec S-Tolerable Minor significance, cosmetic issues, low or no impact to users. T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues. labels Nov 12, 2021
@DMRobertson
Copy link
Contributor Author

Well, having written a test for this, it's working perfectly fine. But I have no idea why; I would like to understand,

@DMRobertson DMRobertson removed A-Spec-Compliance places where synapse does not conform to the spec S-Tolerable Minor significance, cosmetic issues, low or no impact to users. T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues. labels Nov 12, 2021
@DMRobertson
Copy link
Contributor Author

Oh. It's here.

synapse/synapse/handlers/directory.py

Lines 188 to 193 in 75ca0a6

try:
can_delete = await self._user_can_delete_alias(room_alias, user_id)
except StoreError as e:
if e.code == 404:
raise NotFoundError("Unknown room alias")
raise

Well, this was a load of hot air. Closing.

@DMRobertson DMRobertson mentioned this issue Nov 12, 2021
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@DMRobertson