Merge pull request #66 from jagerman/random-fixes

majestrate · web-flow · commit 83dca2956758 · 2022-02-24T12:10:19.000-05:00
Random fixes
diff --git a/sogs/routes/general.py b/sogs/routes/general.py
@@ -37,7 +37,7 @@ def get_caps():
     return jsonify(res), res_code
 
 
-def parse_batch_req(r):
+def parse_batch_request(req):
     """
     Checks a batch request dict for the required fields:
 
@@ -56,61 +56,61 @@ def parse_batch_req(r):
     dict within the request for json bodies, and `body` will be the *bytes* data (i.e. decoded from
     base64, when using `b64`) for 'b64' or 'bytes' requests.
     """
-    if not isinstance(r, dict):
+    if not isinstance(req, dict):
         app.logger.warning("Invalid batch request: batch request is not a dict")
         abort(http.BAD_REQUEST)
-    if 'method' not in r:
+    if 'method' not in req:
         app.logger.warning("Invalid batch request: batch request has no method")
         abort(http.BAD_REQUEST)
-    if 'path' not in r:
+    if 'path' not in req:
         app.logger.warning("Invalid batch request: batch request has no path")
         abort(http.BAD_REQUEST)
 
-    method, path, headers, json, body = r['method'], r['path'], {}, None, None
+    method, path, headers, json, body = req['method'], req['path'], {}, None, None
 
-    if 'headers' in r:
-        if not isinstance(r['headers'], dict):
+    if 'headers' in req:
+        if not isinstance(req['headers'], dict):
             app.logger.warning("Bad batch request: 'headers' must be a dict")
             abort(http.BAD_REQUEST)
-        if any(not isinstance(k, str) or not isinstance(v, str) for k, v in r['headers'].items()):
+        if any(not isinstance(k, str) or not isinstance(v, str) for k, v in req['headers'].items()):
             app.logger.warning("Bad batch request: 'headers' must contain only str/str pairs")
             abort(http.BAD_REQUEST)
-        headers = r['headers']
+        headers = req['headers']
 
-    has_body = r['method'] in ('POST', 'PUT')
-    if not has_body and r['method'] not in ('GET', 'DELETE'):
-        app.logger.warning(f"Bad batch request: invalid request method {r['method']}")
+    has_body = method in ('POST', 'PUT')
+    if not has_body and method not in ('GET', 'DELETE'):
+        app.logger.warning(f"Bad batch request: invalid request method {method}")
         abort(http.BAD_REQUEST)
 
     if not path.startswith('/'):
         app.logger.warning(f"Bad batch request: path must start with /, got: [{path}]")
         abort(http.BAD_REQUEST)
 
-    n_bodies = sum(k in r for k in ('b64', 'json', 'bytes'))
+    n_bodies = sum(k in req for k in ('b64', 'json', 'bytes'))
     if has_body:
         if not n_bodies:
-            app.logger.warning(f"Bad batch request: {r['method']} requires one of json/b64/bytes")
+            app.logger.warning(f"Bad batch request: {method} requires one of json/b64/bytes")
             abort(http.BAD_REQUEST)
         elif n_bodies > 1:
             app.logger.warning(
-                f"Bad batch request: {r['method']} cannot have more than one of json/bytes/b64"
+                f"Bad batch request: {method} cannot have more than one of json/bytes/b64"
             )
             abort(http.BAD_REQUEST)
 
-        if 'b64' in r:
+        if 'b64' in req:
             try:
-                body = utils.decode_base64(r['b64'])
+                body = utils.decode_base64(req['b64'])
             except Exception:
                 app.logger.warning("Bad batch request: b64 value is not valid base64")
-        elif 'bytes' in r:
-            body = r['bytes']
+        elif 'bytes' in req:
+            body = req['bytes']
             if not isinstance(body, bytes):
                 body = body.encode()
         else:
-            json = r['json']
+            json = req['json']
 
     elif n_bodies:
-        app.logger.warning(f"Bad batch request: {r['method']} cannot have a json/b64/bytes body")
+        app.logger.warning(f"Bad batch request: {req['method']} cannot have a json/b64/bytes body")
         abort(http.BAD_REQUEST)
 
     return method, path, headers, json, body
@@ -138,7 +138,7 @@ def batch(_sequential=False):
 
     # Expand this into a list first (rather than during iteration below) so that we abort everything
     # if any subrequest is invalid.
-    subreqs = [parse_batch_req(r) for r in subreqs]
+    subreqs = [parse_batch_request(r) for r in subreqs]
 
     response = []
     for method, path, headers, json, body in subreqs:
diff --git a/sogs/routes/users.py b/sogs/routes/users.py
@@ -27,6 +27,10 @@ def extract_rooms_or_global(req, admin=True):
     to).
     """
 
+    if not isinstance(req, dict):
+        app.logger.warning(f"Invalid request: expected a JSON object body, not {type(req)}")
+        abort(http.BAD_REQUEST)
+
     room_tokens, global_ = req.get('rooms'), req.get('global', False)
 
     if room_tokens and not isinstance(room_tokens, list):
@@ -51,7 +55,7 @@ def extract_rooms_or_global(req, admin=True):
 
         try:
             rooms = mroom.get_rooms_with_permission(
-                g.user, tokens=room_tokens, moderator=True, admin=admin
+                g.user, tokens=room_tokens, moderator=True, admin=True if admin else None
             )
         except Exception as e:
             # This is almost certainly a bad room token passed in:
