Merge branch 'forbidden' into 'master'
fix: Forbidden instead of InvalidParam when joining See merge request famedly/conduit!84
This commit is contained in:
Timo Kösters
commit
1ab209736a
3 changed files with 18 additions and 11 deletions
|
|
@ -1,5 +1,8 @@
|
|||
image: "rust:latest"
|
||||
|
||||
default:
|
||||
tags: [docker]
|
||||
|
||||
cache:
|
||||
paths:
|
||||
- target
|
||||
|
|
|
|||
|
|
@ -839,7 +839,7 @@ pub async fn invite_helper(
|
|||
|
||||
if !auth_check {
|
||||
return Err(Error::BadRequest(
|
||||
ErrorKind::InvalidParam,
|
||||
ErrorKind::Forbidden,
|
||||
"Event is not authorized.",
|
||||
));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -59,7 +59,7 @@ where
|
|||
let token = request
|
||||
.headers()
|
||||
.get_one("Authorization")
|
||||
.map(|s| s[7..].to_owned()) // Split off "Bearer "
|
||||
.and_then(|s| s.get(7..)) // Split off "Bearer "
|
||||
.or_else(|| request.query_value("access_token").and_then(|r| r.ok()));
|
||||
|
||||
let limit = db.globals.max_request_size();
|
||||
|
|
@ -134,16 +134,20 @@ where
|
|||
}
|
||||
AuthScheme::ServerSignatures => {
|
||||
// Get origin from header
|
||||
let x_matrix = match request.headers().get_one("Authorization").map(|s| {
|
||||
let x_matrix = match request
|
||||
.headers()
|
||||
.get_one("Authorization")
|
||||
.and_then(|s|
|
||||
// Split off "X-Matrix " and parse the rest
|
||||
s[9..]
|
||||
.split_terminator(',')
|
||||
.map(|field| {
|
||||
let mut splits = field.splitn(2, '=');
|
||||
(splits.next(), splits.next().map(|s| s.trim_matches('"')))
|
||||
})
|
||||
.collect::<BTreeMap<_, _>>()
|
||||
}) {
|
||||
s.get(9..))
|
||||
.map(|s| {
|
||||
s.split_terminator(',')
|
||||
.map(|field| {
|
||||
let mut splits = field.splitn(2, '=');
|
||||
(splits.next(), splits.next().map(|s| s.trim_matches('"')))
|
||||
})
|
||||
.collect::<BTreeMap<_, _>>()
|
||||
}) {
|
||||
Some(t) => t,
|
||||
None => {
|
||||
warn!("No Authorization header");
|
||||
|
|
|
|||
Loading…
Reference in a new issue