Remove trailing slash ability from password reset's submit_token endpoint (#6074)

anoadragon453 · anoadragon453 · commit 3dbfba03f914 · 2020-02-25T14:45:00.000Z
diff --git a/changelog.d/6074.feature b/changelog.d/6074.feature
@@ -0,0 +1 @@
+Prevent password reset's submit_token endpoint from accepting trailing slashes.
diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py
@@ -207,7 +207,7 @@ class PasswordResetSubmitTokenServlet(RestServlet):
     """Handles 3PID validation token submission"""
 
     PATTERNS = client_patterns(
-        "/password_reset/(?P<medium>[^/]*)/submit_token/*$", releases=(), unstable=True
+        "/password_reset/(?P<medium>[^/]*)/submit_token$", releases=(), unstable=True
     )
 
     def __init__(self, hs):

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Prevent password reset's submit_token endpoint from accepting trailing slashes.`
Original file line number	Diff line number	Diff line change
`@@ -207,7 +207,7 @@ class PasswordResetSubmitTokenServlet(RestServlet):`
`207`	`207`	`"""Handles 3PID validation token submission"""`
`208`	`208`
`209`	`209`	`PATTERNS = client_patterns(`
`210`		`- "/password_reset/(?P<medium>[^/])/submit_token/$", releases=(), unstable=True`
	`210`	`+ "/password_reset/(?P<medium>[^/]*)/submit_token$", releases=(), unstable=True`
`211`	`211`	`)`
`212`	`212`
`213`	`213`	`def __init__(self, hs):`