This commit is contained in:
lda 2024-01-05 01:09:13 +01:00
commit 12061afe62
19 changed files with 161 additions and 80 deletions

View file

@ -65,6 +65,8 @@ ROUTE_IMPL(RouteChangePwd, path, argp)
char *token;
char *newPassword;
char *msg;
Config *config = ConfigLock(db);
if (!config)
@ -78,8 +80,9 @@ ROUTE_IMPL(RouteChangePwd, path, argp)
if (HttpRequestMethodGet(args->context) != HTTP_POST)
{
msg = "Route only supports POST.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_UNRECOGNIZED, NULL);
response = MatrixErrorCreate(M_UNRECOGNIZED, msg);
goto finish;
}
@ -118,9 +121,10 @@ ROUTE_IMPL(RouteChangePwd, path, argp)
newPassword = JsonValueAsString(HashMapGet(request, "new_password"));
if (!newPassword)
{
msg = "'new_password' is unset or not a string.";
JsonFree(request);
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
response = MatrixErrorCreate(M_BAD_JSON, msg);
goto finish;
}

View file

@ -33,6 +33,7 @@ ROUTE_IMPL(RouteConfig, path, argp)
RouteArgs *args = argp;
HashMap *response;
char *token;
char *msg;
User *user = NULL;
Config *config = NULL;
@ -59,17 +60,19 @@ ROUTE_IMPL(RouteConfig, path, argp)
if (!(UserGetPrivileges(user) & USER_CONFIG))
{
msg = "User does not have the 'CONFIG' privilege.";
HttpResponseStatus(args->context, HTTP_FORBIDDEN);
response = MatrixErrorCreate(M_FORBIDDEN, NULL);
response = MatrixErrorCreate(M_FORBIDDEN, msg);
goto finish;
}
config = ConfigLock(args->matrixArgs->db);
if (!config)
{
msg = "Internal server error while locking configuration.";
Log(LOG_ERR, "Config endpoint failed to lock configuration.");
HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR);
response = MatrixErrorCreate(M_UNKNOWN, NULL);
response = MatrixErrorCreate(M_UNKNOWN, msg);
goto finish;
}
@ -90,8 +93,9 @@ ROUTE_IMPL(RouteConfig, path, argp)
newConf = ConfigParse(request);
if (!newConf)
{
msg = "Internal server error while parsing config.";
HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR);
response = MatrixErrorCreate(M_UNKNOWN, NULL);
response = MatrixErrorCreate(M_UNKNOWN, msg);
break;
}
@ -108,8 +112,9 @@ ROUTE_IMPL(RouteConfig, path, argp)
}
else
{
msg = "Internal server error while writing the config.";
HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR);
response = MatrixErrorCreate(M_UNKNOWN, NULL);
response = MatrixErrorCreate(M_UNKNOWN, msg);
}
}
else
@ -137,8 +142,9 @@ ROUTE_IMPL(RouteConfig, path, argp)
if (!newConf)
{
msg = "Internal server error while parsing config.";
HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR);
response = MatrixErrorCreate(M_UNKNOWN, NULL);
response = MatrixErrorCreate(M_UNKNOWN, msg);
break;
}
@ -155,8 +161,9 @@ ROUTE_IMPL(RouteConfig, path, argp)
}
else
{
msg = "Internal server error while writing the config.";
HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR);
response = MatrixErrorCreate(M_UNKNOWN, NULL);
response = MatrixErrorCreate(M_UNKNOWN, msg);
}
}
else
@ -170,8 +177,9 @@ ROUTE_IMPL(RouteConfig, path, argp)
JsonFree(newJson);
break;
default:
msg = "Unknown request method.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_UNRECOGNIZED, "Unknown request method.");
response = MatrixErrorCreate(M_UNRECOGNIZED, msg);
break;
}

View file

@ -41,8 +41,9 @@ ROUTE_IMPL(RouteCreateRoom, path, argp)
if (HttpRequestMethodGet(args->context) != HTTP_POST)
{
err = "Unknown request method.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_UNRECOGNIZED, "Unknown request method.");
response = MatrixErrorCreate(M_UNRECOGNIZED, err);
goto finish;
}

View file

@ -47,6 +47,8 @@ ROUTE_IMPL(RouteDeactivate, path, argp)
User *user = NULL;
Config *config = ConfigLock(db);
char *msg;
(void) path;
if (!config)
@ -59,8 +61,9 @@ ROUTE_IMPL(RouteDeactivate, path, argp)
if (HttpRequestMethodGet(args->context) != HTTP_POST)
{
msg = "Route only accepts POST.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_UNRECOGNIZED, NULL);
response = MatrixErrorCreate(M_UNRECOGNIZED, msg);
goto finish;
}
@ -128,8 +131,9 @@ ROUTE_IMPL(RouteDeactivate, path, argp)
if (!UserDeleteTokens(user, NULL) || !UserDeactivate(user, NULL, NULL))
{
msg = "Internal server error: couldn't remove user properly.";
HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR);
response = MatrixErrorCreate(M_UNKNOWN, NULL);
response = MatrixErrorCreate(M_UNKNOWN, msg);
goto finish;
}

View file

@ -69,6 +69,8 @@ ROUTE_IMPL(RouteFilter, path, argp)
char *userParam = ArrayGet(path, 0);
char *msg;
if (!userParam)
{
/* Should be impossible */
@ -87,15 +89,17 @@ ROUTE_IMPL(RouteFilter, path, argp)
id = UserIdParse(userParam, serverName);
if (!id)
{
msg = "Invalid user ID.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_INVALID_PARAM, NULL);
response = MatrixErrorCreate(M_INVALID_PARAM, msg);
goto finish;
}
if (!StrEquals(id->server, serverName))
{
msg = "Cannot use /filter for non-local users.";
HttpResponseStatus(args->context, HTTP_UNAUTHORIZED);
response = MatrixErrorCreate(M_UNAUTHORIZED, NULL);
response = MatrixErrorCreate(M_UNAUTHORIZED, msg);
goto finish;
}
@ -115,8 +119,9 @@ ROUTE_IMPL(RouteFilter, path, argp)
if (!StrEquals(id->localpart, UserGetName(user)))
{
msg = "Unauthorized to use /filter.";
HttpResponseStatus(args->context, HTTP_UNAUTHORIZED);
response = MatrixErrorCreate(M_INVALID_PARAM, NULL);
response = MatrixErrorCreate(M_INVALID_PARAM, msg);
goto finish;
}
@ -126,8 +131,9 @@ ROUTE_IMPL(RouteFilter, path, argp)
if (!ref)
{
msg = "The filter for this user was not found.";
HttpResponseStatus(args->context, HTTP_NOT_FOUND);
response = MatrixErrorCreate(M_NOT_FOUND, NULL);
response = MatrixErrorCreate(M_NOT_FOUND, msg);
goto finish;
}
@ -161,8 +167,9 @@ ROUTE_IMPL(RouteFilter, path, argp)
filterId = StrRandom(12);
if (!filterId)
{
msg = "Couldn't generate random filter ID; this is unintended.";
HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR);
response = MatrixErrorCreate(M_UNKNOWN, NULL);
response = MatrixErrorCreate(M_UNKNOWN, msg);
goto finish;
}
@ -170,8 +177,9 @@ ROUTE_IMPL(RouteFilter, path, argp)
if (!ref)
{
Free(filterId);
msg = "Couldn't write filter to the database, this is unintended.";
HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR);
response = MatrixErrorCreate(M_UNKNOWN, NULL);
response = MatrixErrorCreate(M_UNKNOWN, msg);
goto finish;
}

View file

@ -107,8 +107,9 @@ ROUTE_IMPL(RouteLogin, path, argp)
if (loginRequest.type != REQUEST_TYPE_PASSWORD)
{
msg = "Unsupported login type.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_UNRECOGNIZED, NULL);
response = MatrixErrorCreate(M_UNRECOGNIZED, msg);
break;
}
@ -117,6 +118,7 @@ ROUTE_IMPL(RouteLogin, path, argp)
val = HashMapGet(identifier, "type");
if (!val)
{
msg = "No login identifier type set.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_MISSING_PARAM, NULL);
break;
@ -124,16 +126,18 @@ ROUTE_IMPL(RouteLogin, path, argp)
if (JsonValueType(val) != JSON_STRING)
{
msg = "Invalid login identifier type.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
response = MatrixErrorCreate(M_BAD_JSON, msg);
break;
}
type = JsonValueAsString(val);
if (!StrEquals(type, "m.id.user"))
{
msg = "Invalid login identifier type.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_UNRECOGNIZED, NULL);
response = MatrixErrorCreate(M_UNRECOGNIZED, msg);
break;
}
if (!LoginRequestUserIdentifierFromJson(identifier,
@ -148,16 +152,18 @@ ROUTE_IMPL(RouteLogin, path, argp)
userId = UserIdParse(userIdentifier.user, config->serverName);
if (!userId)
{
msg = "Invalid user ID.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
response = MatrixErrorCreate(M_BAD_JSON, msg);
break;
}
if (!StrEquals(userId->server, config->serverName)
|| !UserExists(db, userId->localpart))
{
msg = "Unknown user ID.";
HttpResponseStatus(args->context, HTTP_FORBIDDEN);
response = MatrixErrorCreate(M_FORBIDDEN, NULL);
response = MatrixErrorCreate(M_FORBIDDEN, msg);
break;
}
@ -171,8 +177,9 @@ ROUTE_IMPL(RouteLogin, path, argp)
if (!user)
{
msg = "Couldn't lock user.";
HttpResponseStatus(args->context, HTTP_FORBIDDEN);
response = MatrixErrorCreate(M_FORBIDDEN, NULL);
response = MatrixErrorCreate(M_FORBIDDEN, msg);
break;
}
@ -190,10 +197,11 @@ ROUTE_IMPL(RouteLogin, path, argp)
if (!loginInfo)
{
msg = "Invalid creditentials for user.";
UserUnlock(user);
HttpResponseStatus(args->context, HTTP_FORBIDDEN);
response = MatrixErrorCreate(M_FORBIDDEN, NULL);
response = MatrixErrorCreate(M_FORBIDDEN, msg);
break;
}
@ -229,8 +237,9 @@ ROUTE_IMPL(RouteLogin, path, argp)
break;
default:
msg = "Route only accepts GET and POST.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_UNRECOGNIZED, NULL);
response = MatrixErrorCreate(M_UNRECOGNIZED, msg);
break;
}

View file

@ -38,14 +38,17 @@ ROUTE_IMPL(RouteLogout, path, argp)
char *tokenstr;
char *msg;
Db *db = args->matrixArgs->db;
User *user;
if (HttpRequestMethodGet(args->context) != HTTP_POST)
{
msg = "This route only accepts POST.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
return MatrixErrorCreate(M_UNRECOGNIZED, NULL);
return MatrixErrorCreate(M_UNRECOGNIZED, msg);
}
response = MatrixGetAccessToken(args->context, &tokenstr);
@ -84,8 +87,9 @@ ROUTE_IMPL(RouteLogout, path, argp)
{
if (!UserDeleteToken(user, tokenstr))
{
msg = "Internal server error: couldn't delete token.";
HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR);
response = MatrixErrorCreate(M_UNKNOWN, NULL);
response = MatrixErrorCreate(M_UNKNOWN, msg);
goto finish;
}

View file

@ -39,6 +39,8 @@ ROUTE_IMPL(RoutePrivileges, path, argp)
JsonValue *val;
int privileges;
char *msg;
response = MatrixGetAccessToken(args->context, &token);
if (response)
{
@ -55,8 +57,9 @@ ROUTE_IMPL(RoutePrivileges, path, argp)
if (!(UserGetPrivileges(user) & USER_GRANT_PRIVILEGES))
{
msg = "User doesn't have the GRANT_PRIVILEGES privilege";
HttpResponseStatus(args->context, HTTP_FORBIDDEN);
response = MatrixErrorCreate(M_FORBIDDEN, NULL);
response = MatrixErrorCreate(M_FORBIDDEN, msg);
goto finish;
}
@ -68,8 +71,9 @@ ROUTE_IMPL(RoutePrivileges, path, argp)
user = UserLock(args->matrixArgs->db, ArrayGet(path, 0));
if (!user)
{
msg = "Unknown user.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_INVALID_PARAM, NULL);
response = MatrixErrorCreate(M_INVALID_PARAM, msg);
goto finish;
}
}
@ -90,8 +94,9 @@ ROUTE_IMPL(RoutePrivileges, path, argp)
val = HashMapGet(request, "privileges");
if (!val || JsonValueType(val) != JSON_ARRAY)
{
msg = "'privileges' is unset or not an array.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
response = MatrixErrorCreate(M_BAD_JSON, msg);
break;
}
@ -116,8 +121,9 @@ ROUTE_IMPL(RoutePrivileges, path, argp)
if (!UserSetPrivileges(user, privileges))
{
msg = "Internal server error: couldn't set privileges.";
HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR);
response = MatrixErrorCreate(M_UNKNOWN, NULL);
response = MatrixErrorCreate(M_UNKNOWN, msg);
break;
}
@ -127,8 +133,9 @@ ROUTE_IMPL(RoutePrivileges, path, argp)
HashMapSet(response, "privileges", JsonValueArray(UserEncodePrivileges(UserGetPrivileges(user))));
break;
default:
msg = "Route only accepts POST, PUT, DELETE, and GET.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_UNRECOGNIZED, NULL);
response = MatrixErrorCreate(M_UNRECOGNIZED, msg);
goto finish;
break;
}

View file

@ -37,6 +37,7 @@ ROUTE_IMPL(RouteProcControl, path, argp)
char *op = ArrayGet(path, 0);
HashMap *response;
char *token;
char *msg;
User *user = NULL;
response = MatrixGetAccessToken(args->context, &token);
@ -55,11 +56,13 @@ ROUTE_IMPL(RouteProcControl, path, argp)
if (!(UserGetPrivileges(user) & USER_PROC_CONTROL))
{
msg = "User doesn't have PROC_CONTROL privilege.";
HttpResponseStatus(args->context, HTTP_FORBIDDEN);
response = MatrixErrorCreate(M_FORBIDDEN, NULL);
response = MatrixErrorCreate(M_FORBIDDEN, msg);
goto finish;
}
msg = "Unknown operation.";
switch (HttpRequestMethodGet(args->context))
{
case HTTP_POST:
@ -74,7 +77,7 @@ ROUTE_IMPL(RouteProcControl, path, argp)
else
{
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_UNRECOGNIZED, NULL);
response = MatrixErrorCreate(M_UNRECOGNIZED, msg);
goto finish;
}
break;
@ -106,12 +109,12 @@ ROUTE_IMPL(RouteProcControl, path, argp)
else
{
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_UNRECOGNIZED, NULL);
response = MatrixErrorCreate(M_UNRECOGNIZED, msg);
goto finish;
}
default:
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_UNRECOGNIZED, NULL);
response = MatrixErrorCreate(M_UNRECOGNIZED, msg);
goto finish;
break;
}

View file

@ -45,6 +45,8 @@ ROUTE_IMPL(RouteRefresh, path, argp)
UserAccessToken *newAccessToken;
char *deviceId;
char *msg;
Db *db = args->matrixArgs->db;
User *user = NULL;
@ -55,8 +57,9 @@ ROUTE_IMPL(RouteRefresh, path, argp)
if (HttpRequestMethodGet(args->context) != HTTP_POST)
{
msg = "This route only accepts POST.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
return MatrixErrorCreate(M_UNRECOGNIZED, NULL);
return MatrixErrorCreate(M_UNRECOGNIZED, msg);
}
request = JsonDecode(HttpServerStream(args->context));
@ -69,8 +72,9 @@ ROUTE_IMPL(RouteRefresh, path, argp)
val = HashMapGet(request, "refresh_token");
if (!val || JsonValueType(val) != JSON_STRING)
{
msg = "'refresh_token' is unset or not a string.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, NULL);
response = MatrixErrorCreate(M_BAD_JSON, msg);
goto finish;
}

View file

@ -86,9 +86,10 @@ ROUTE_IMPL(RouteRegister, path, argp)
if (!config)
{
msg = "Internal server error while locking configuration.";
Log(LOG_ERR, "Registration endpoint failed to lock configuration.");
HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR);
return MatrixErrorCreate(M_UNKNOWN, NULL);
return MatrixErrorCreate(M_UNKNOWN, msg);
}
if (ArraySize(path) == 0)
@ -254,8 +255,9 @@ finish:
if (!username)
{
msg = "'username' path parameter is not set.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_MISSING_PARAM, NULL);
response = MatrixErrorCreate(M_MISSING_PARAM, msg);
}
else if (!UserValidate(username, config->serverName))
{

View file

@ -54,8 +54,9 @@ ROUTE_IMPL(RouteRequestToken, path, argp)
if (HttpRequestMethodGet(args->context) != HTTP_POST)
{
msg = "This route only accepts POST.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
return MatrixErrorCreate(M_UNRECOGNIZED, NULL);
return MatrixErrorCreate(M_UNRECOGNIZED, msg);
}
request = JsonDecode(HttpServerStream(args->context));

View file

@ -47,8 +47,8 @@ ROUTE_IMPL(RouteStaticResources, path, argp)
"function findGetParameter(parameterName) {"
" var result = null;"
" var tmp = [];"
" var items = location.search.substr(1).split(\"&\");"
" for (var index = 0; index < items.length; index++) {"
" var items = location.search.substr(1).split(\"&\");"
" for (var index = 0; index < items.length; index++) {"
" tmp = items[index].split(\"=\");"
" if (tmp[0] === parameterName) result = decodeURIComponent(tmp[1]);"
" }"

View file

@ -41,13 +41,15 @@ ROUTE_IMPL(RouteTokenValid, path, argp)
RegTokenInfo *info = NULL;
char *tokenstr;
char *msg;
(void) path;
if (HttpRequestMethodGet(args->context) != HTTP_GET)
{
msg = "This route only accepts GET.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
return MatrixErrorCreate(M_UNRECOGNIZED, NULL);
return MatrixErrorCreate(M_UNRECOGNIZED, msg);
}
request = JsonDecode(HttpServerStream(args->context));

View file

@ -36,6 +36,8 @@ ROUTE_IMPL(RouteUiaFallback, path, argp)
char *authType = ArrayGet(path, 0);
char *sessionId;
char *msg;
if (!authType)
{
/* This should never happen */
@ -56,9 +58,10 @@ ROUTE_IMPL(RouteUiaFallback, path, argp)
config = ConfigLock(args->matrixArgs->db);
if (!config)
{
msg = "Internal server error: failed to lock configuration.";
Log(LOG_ERR, "UIA fallback failed to lock configuration.");
HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR);
return MatrixErrorCreate(M_UNKNOWN, NULL);
return MatrixErrorCreate(M_UNKNOWN, msg);
}
request = JsonDecode(HttpServerStream(args->context));
@ -93,15 +96,17 @@ ROUTE_IMPL(RouteUiaFallback, path, argp)
}
else if (HttpRequestMethodGet(args->context) != HTTP_GET)
{
msg = "Route only supports GET.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
return MatrixErrorCreate(M_UNRECOGNIZED, NULL);
return MatrixErrorCreate(M_UNRECOGNIZED, msg);
}
sessionId = HashMapGet(requestParams, "session");
if (!sessionId)
{
msg = "'session' parameter is unset.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
return MatrixErrorCreate(M_MISSING_PARAM, NULL);
return MatrixErrorCreate(M_MISSING_PARAM, msg);
}
HttpResponseHeader(args->context, "Content-Type", "text/html");
@ -121,25 +126,25 @@ ROUTE_IMPL(RouteUiaFallback, path, argp)
HtmlEndForm(stream);
HtmlBeginJs(stream);
StreamPrintf(stream,
"function buildRequest() {"
"function buildRequest() {"
" let user = document.getElementById('user').value;"
" let pass = document.getElementById('password').value;"
" if (!user || !pass) {"
" setFormError('Please specify a username and password.');"
" return false;"
" }"
" return {"
" auth: {"
" type: '%s',"
" identifier: {"
" type: 'm.id.user',"
" user: user"
" },"
" password: pass,"
" session: '%s'"
" }"
" };"
"}", authType, sessionId);
" let pass = document.getElementById('password').value;"
" if (!user || !pass) {"
" setFormError('Please specify a username and password.');"
" return false;"
" }"
" return {"
" auth: {"
" type: '%s',"
" identifier: {"
" type: 'm.id.user',"
" user: user"
" },"
" password: pass,"
" session: '%s'"
" }"
" };"
"}", authType, sessionId);
HtmlEndJs(stream);
}
else if (StrEquals(authType, "m.login.registration_token"))
@ -186,10 +191,10 @@ ROUTE_IMPL(RouteUiaFallback, path, argp)
"function processResponse(xhr) {"
" let r = JSON.parse(xhr.responseText);"
" console.log(r);"
" if (xhr.status == 200 || r.completed.includes('%s')) {"
" if (xhr.status == 200 || r.completed.includes('%s')) {"
" if (window.onAuthDone) {"
" window.onAuthDone();"
" } else if (window.opener && window.opener.postMessage) {"
" } else if (window.opener && window.opener.postMessage) {"
" window.opener.postMessage('authDone', '*');"
" } else {"
" setFormError('Client error.');"

View file

@ -48,6 +48,8 @@ ROUTE_IMPL(RouteUserProfile, path, argp)
char *token = NULL;
char *value = NULL;
char *msg;
Config *config = ConfigLock(db);
if (!config)
@ -63,15 +65,18 @@ ROUTE_IMPL(RouteUserProfile, path, argp)
userId = UserIdParse(username, serverName);
if (!userId)
{
msg = "Invalid user ID.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_INVALID_PARAM, NULL);
response = MatrixErrorCreate(M_INVALID_PARAM, msg);
goto finish;
}
if (strcmp(userId->server, serverName))
{
/* TODO: Implement lookup over federation. */
msg = "User profile endpoint currently doesn't support lookup over "
"federation.";
HttpResponseStatus(args->context, HTTP_FORBIDDEN);
response = MatrixErrorCreate(M_FORBIDDEN, NULL);
response = MatrixErrorCreate(M_FORBIDDEN, msg);
goto finish;
}
@ -82,8 +87,9 @@ ROUTE_IMPL(RouteUserProfile, path, argp)
user = UserLock(db, userId->localpart);
if (!user)
{
msg = "Couldn't lock user.";
HttpResponseStatus(args->context, HTTP_NOT_FOUND);
response = MatrixErrorCreate(M_NOT_FOUND, NULL);
response = MatrixErrorCreate(M_NOT_FOUND, msg);
goto finish;
}
@ -138,7 +144,7 @@ ROUTE_IMPL(RouteUserProfile, path, argp)
StrEquals(entry, "avatar_url"))
{
/* Check if user has privilege to do that action. */
if (strcmp(userId->localpart, UserGetName(user)) == 0)
if (StrEquals(userId->localpart, UserGetName(user)))
{
value = JsonValueAsString(HashMapGet(request, entry));
/* TODO: Make UserSetProfile notify other
@ -148,14 +154,16 @@ ROUTE_IMPL(RouteUserProfile, path, argp)
goto finish;
}
/* User is not allowed to carry-on the action */
msg = "Cannot change another user's profile.";
HttpResponseStatus(args->context, HTTP_FORBIDDEN);
response = MatrixErrorCreate(M_FORBIDDEN, NULL);
response = MatrixErrorCreate(M_FORBIDDEN, msg);
goto finish;
}
else
{
msg = "Invalid property being changed.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_UNRECOGNIZED, NULL);
response = MatrixErrorCreate(M_UNRECOGNIZED, msg);
goto finish;
}
}
@ -166,8 +174,9 @@ ROUTE_IMPL(RouteUserProfile, path, argp)
goto finish;
}
default:
msg = "Route only accepts GET and PUT.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_UNKNOWN, NULL);
response = MatrixErrorCreate(M_UNKNOWN, msg);
break;
}
finish:

View file

@ -37,11 +37,14 @@ ROUTE_IMPL(RouteWellKnown, path, argp)
Config *config = ConfigLock(args->matrixArgs->db);
char *msg;
if (!config)
{
Log(LOG_ERR, "Well-known endpoint failed to lock configuration.");
msg = "Internal server error: couldn't lock database.";
HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR);
return MatrixErrorCreate(M_UNKNOWN, NULL);
return MatrixErrorCreate(M_UNKNOWN, msg);
}
if (StrEquals(ArrayGet(path, 0), "client"))

View file

@ -42,14 +42,16 @@ ROUTE_IMPL(RouteWhoami, path, argp)
char *token;
char *userID;
char *deviceID;
char *msg;
Config *config = ConfigLock(db);
if (!config)
{
msg = "Internal server error: couldn't lock database.";
Log(LOG_ERR, "Who am I endpoint failed to lock configuration.");
HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR);
return MatrixErrorCreate(M_UNKNOWN, NULL);
return MatrixErrorCreate(M_UNKNOWN, msg);
}
(void) path;

View file

@ -222,6 +222,8 @@ UiaComplete(Array * flows, HttpServerContext * context, Db * db,
HashMap *dbJson;
int ret;
char *msg;
if (!flows)
{
return -1;
@ -242,8 +244,9 @@ UiaComplete(Array * flows, HttpServerContext * context, Db * db,
if (JsonValueType(val) != JSON_OBJECT)
{
msg = "'auth' is not an object.";
HttpResponseStatus(context, HTTP_BAD_REQUEST);
*response = MatrixErrorCreate(M_BAD_JSON, NULL);
*response = MatrixErrorCreate(M_BAD_JSON, msg);
return 0;
}
@ -252,8 +255,9 @@ UiaComplete(Array * flows, HttpServerContext * context, Db * db,
if (!val || JsonValueType(val) != JSON_STRING)
{
msg = "'auth->session' is unset or not a string.";
HttpResponseStatus(context, HTTP_BAD_REQUEST);
*response = MatrixErrorCreate(M_BAD_JSON, NULL);
*response = MatrixErrorCreate(M_BAD_JSON, msg);
return 0;
}
@ -311,8 +315,9 @@ UiaComplete(Array * flows, HttpServerContext * context, Db * db,
if (!val || JsonValueType(val) != JSON_STRING)
{
msg = "'auth->type' is unset or not a string.";
HttpResponseStatus(context, HTTP_BAD_REQUEST);
*response = MatrixErrorCreate(M_BAD_JSON, NULL);
*response = MatrixErrorCreate(M_BAD_JSON, msg);
ret = 0;
goto finish;
}