From 119f02e3b385652c85c8acbf9d125c1f406e914e Mon Sep 17 00:00:00 2001 From: Devon Hudson Date: Mon, 1 Dec 2025 15:24:26 +0000 Subject: [PATCH] Return 400 when canonical_alias content invalid (#19240) Fixes #19198 Returns HTTP 400 when `alias` or `alt_alias` inside of `m.room.canonical_alias` `content` are not of type string. Previously this resulted in HTTP 500 errors as Synapse assumed they were strings and would raise an exception when it tried to treat them as such if they actually weren't. With the changes implemented: Screenshot from 2025-11-28 16-48-06 Screenshot from 2025-11-28 16-47-42 ### Pull Request Checklist * [X] Pull request is based on the develop branch * [X] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [X] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --- changelog.d/19240.bugfix | 1 + synapse/handlers/message.py | 12 ++++++++++++ tests/rest/client/test_rooms.py | 2 ++ 3 files changed, 15 insertions(+) create mode 100644 changelog.d/19240.bugfix
diff --git a/changelog.d/19240.bugfix b/changelog.d/19240.bugfix
new file mode 100644
index 000000000..d8490bcc1
--- /dev/null
+++ b/changelog.d/19240.bugfix
@@ -0,0 +1 @@
+Fix bug where invalid `canonical_alias` content would return 500 instead of 400.
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
index bac4bd936..a6499de3a 100644
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -1955,6 +1955,12 @@ class EventCreationHandler:
 room_alias_str = event.content.get("alias", None)
 directory_handler = self.hs.get_directory_handler()
 if room_alias_str and room_alias_str != original_alias:
+ if not isinstance(room_alias_str, str):
+ raise SynapseError(
+ 400,
+ "The alias must be of type string.",
+ Codes.INVALID_PARAM,
+ )
 await self._validate_canonical_alias(
 directory_handler, room_alias_str, event.room_id
 )
@@ -1978,6 +1984,12 @@ class EventCreationHandler:
 new_alt_aliases = set(alt_aliases) - set(original_alt_aliases)
 if new_alt_aliases:
 for alias_str in new_alt_aliases:
+ if not isinstance(alias_str, str):
+ raise SynapseError(
+ 400,
+ "Each alt_alias must be of type string.",
+ Codes.INVALID_PARAM,
+ )
 await self._validate_canonical_alias(
 directory_handler, alias_str, event.room_id
 )
diff --git a/tests/rest/client/test_rooms.py b/tests/rest/client/test_rooms.py
index 68e09afc5..926560afd 100644
--- a/tests/rest/client/test_rooms.py
+++ b/tests/rest/client/test_rooms.py
@@ -3880,9 +3880,11 @@ class RoomCanonicalAliasTestCase(unittest.HomeserverTestCase):
 self._set_canonical_alias({"alt_aliases": False}, expected_code=400)
 self._set_canonical_alias({"alt_aliases": True}, expected_code=400)
 self._set_canonical_alias({"alt_aliases": {}}, expected_code=400)
+ self._set_canonical_alias({"alt_aliases": [0]}, expected_code=400)
 def test_bad_alias(self) -> None:
 """An alias which does not point to the room raises a SynapseError."""
+ self._set_canonical_alias({"alias": {"@unknown:test": "a"}}, expected_code=400)
 self._set_canonical_alias({"alias": "@unknown:test"}, expected_code=400)
 self._set_canonical_alias({"alt_aliases": ["@unknown:test"]}, expected_code=400)
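Review bot: The new `isinstance` check in the first `message.py` hunk sits inside `if room_alias_str and room_alias_str != original_alias:`, so a falsy non-string `alias` such as `0`, `False`, `[]` or `{}` skips the block and is never type-checked here. Unless such a value is rejected in code outside this hunk, the malformed content is accepted rather than answered with 400. Hoisting the type check above the guard would cover it, for example `if room_alias_str is not None and not isinstance(room_alias_str, str):` followed by the same `raise SynapseError(400, "The alias must be of type string.", Codes.INVALID_PARAM)`. The enclosing method starts and ends outside the hunk, so earlier validation cannot be ruled out.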
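Review bot: In the second `message.py` hunk, `set(alt_aliases)` is built before the per-entry `isinstance` check runs, so an `alt_aliases` list holding an unhashable entry (a dict or a nested list) raises `TypeError` on that context line and the request presumably still ends in a 500. The added test only uses `[0]`, which is hashable and therefore reaches the new check. Validating the entries before the set is constructed would close the gap: `if not all(isinstance(a, str) for a in alt_aliases):` followed by the same `raise SynapseError(400, "Each alt_alias must be of type string.", Codes.INVALID_PARAM)`. The per-entry check inside the loop then becomes redundant; the code that produces `alt_aliases` and `original_alt_aliases` is outside the hunk.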
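Review bot: The two added assertions cover only a hashable non-string entry (`[0]`) and a truthy non-string alias (a non-empty dict), leaving falsy values and unhashable list entries untested. Consider adding `self._set_canonical_alias({"alt_aliases": [{}]}, expected_code=400)` and `self._set_canonical_alias({"alias": 0}, expected_code=400)`, which take different paths through the handler's truthiness guard and `set(...)` call. The dict-alias case also sits in `test_bad_alias`, whose docstring describes an alias that does not point to the room. A type-validation case would read better beside the malformed-content assertions just above it, in the test method that starts outside this hunk.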