Use Pydantic to validate PUT /directory/list/room/{roomId}

David Robertson · David Robertson · commit b2fe44020a30 · 2022-10-14T11:33:49.000+01:00
diff --git a/synapse/handlers/directory.py b/synapse/handlers/directory.py
@@ -16,6 +16,8 @@
 import string
 from typing import TYPE_CHECKING, Iterable, List, Optional
 
+from typing_extensions import Literal
+
 from synapse.api.constants import MAX_ALIAS_LENGTH, EventTypes
 from synapse.api.errors import (
     AuthError,
@@ -429,7 +431,10 @@ async def _user_can_delete_alias(
         return await self.auth.check_can_change_room_list(room_id, requester)
 
     async def edit_published_room_list(
-        self, requester: Requester, room_id: str, visibility: str
+        self,
+        requester: Requester,
+        room_id: str,
+        visibility: Literal["public", "private"],
     ) -> None:
         """Edit the entry of the room in the published room list.
 
@@ -451,9 +456,6 @@ async def edit_published_room_list(
         if requester.is_guest:
             raise AuthError(403, "Guests cannot edit the published room list")
 
-        if visibility not in ["public", "private"]:
-            raise SynapseError(400, "Invalid visibility setting")
-
         if visibility == "public" and not self.enable_room_list_search:
             # The room list has been disabled.
             raise AuthError(
diff --git a/synapse/rest/client/directory.py b/synapse/rest/client/directory.py
@@ -16,6 +16,7 @@
 from typing import TYPE_CHECKING, List, Optional, Tuple
 
 from pydantic import StrictStr
+from typing_extensions import Literal
 
 from twisted.web.server import Request
 
@@ -141,16 +142,18 @@ async def on_GET(self, request: Request, room_id: str) -> Tuple[int, JsonDict]:
 
         return 200, {"visibility": "public" if room["is_public"] else "private"}
 
+    class PutBody(RequestBodyModel):
+        visibility: Literal["public", "private"] = "public"
+
     async def on_PUT(
         self, request: SynapseRequest, room_id: str
     ) -> Tuple[int, JsonDict]:
         requester = await self.auth.get_user_by_req(request)
 
-        content = parse_json_object_from_request(request)
-        visibility = content.get("visibility", "public")
+        content = parse_and_validate_json_object_from_request(request, self.PutBody)
 
         await self.directory_handler.edit_published_room_list(
-            requester, room_id, visibility
+            requester, room_id, content.visibility
         )
 
         return 200, {}
