Return a 404 for admin api user lookup if user not found (#6901)

This commit is contained in:
Andrew Morgan 2020-02-12 18:14:10 +00:00 committed by GitHub
parent 47acbc519f
commit d8994942f2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 1 deletions

1
changelog.d/6901.misc Normal file
View file

@ -0,0 +1 @@
Return a 404 instead of 200 for querying information of a non-existant user through the admin API.

View file

@ -21,7 +21,7 @@ from six import text_type
from six.moves import http_client
from synapse.api.constants import UserTypes
from synapse.api.errors import Codes, SynapseError
from synapse.api.errors import Codes, NotFoundError, SynapseError
from synapse.http.servlet import (
RestServlet,
assert_params_in_dict,
@ -152,6 +152,9 @@ class UserRestServletV2(RestServlet):
ret = await self.admin_handler.get_user(target_user)
if not ret:
raise NotFoundError("User not found")
return 200, ret
async def on_PUT(self, request, user_id):

View file

@ -401,6 +401,22 @@ class UserRestTestCase(unittest.HomeserverTestCase):
self.assertEqual(403, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual("You are not a server admin", channel.json_body["error"])
def test_user_does_not_exist(self):
"""
Tests that a lookup for a user that does not exist returns a 404
"""
self.hs.config.registration_shared_secret = None
request, channel = self.make_request(
"GET",
"/_synapse/admin/v2/users/@unknown_person:test",
access_token=self.admin_user_tok,
)
self.render(request)
self.assertEqual(404, channel.code, msg=channel.json_body)
self.assertEqual("M_NOT_FOUND", channel.json_body["errcode"])
def test_requester_is_admin(self):
"""
If the user is a server admin, a new user is created.