Ensure 'deactivated' parameter is a boolean on user admin API, Fix error handling of call to deactivate user (matrix-org#6990)

anoadragon453 · phil-flex · commit f1e01dd2b221 · 2020-03-27T21:42:45.000+08:00
diff --git a/changelog.d/6990.bugfix b/changelog.d/6990.bugfix
@@ -0,0 +1 @@
+Prevent user from setting 'deactivated' to anything other than a bool on the v2 PUT /users Admin API.
diff --git a/synapse/rest/admin/users.py b/synapse/rest/admin/users.py
@@ -226,13 +226,16 @@ async def on_PUT(self, request, user_id):
                     )
 
             if "deactivated" in body:
-                deactivate = bool(body["deactivated"])
+                deactivate = body["deactivated"]
+                if not isinstance(deactivate, bool):
+                    raise SynapseError(
+                        400, "'deactivated' parameter is not of type boolean"
+                    )
+
                 if deactivate and not user["deactivated"]:
-                    result = await self.deactivate_account_handler.deactivate_account(
+                    await self.deactivate_account_handler.deactivate_account(
                         target_user.to_string(), False
                     )
-                    if not result:
-                        raise SynapseError(500, "Could not deactivate user")
 
             user = await self.admin_handler.get_user(target_user)
             return 200, user

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Prevent user from setting 'deactivated' to anything other than a bool on the v2 PUT /users Admin API.`