From 04b7023a7c84daa3f7f30321727903fe552b478a Mon Sep 17 00:00:00 2001
From: "H. Shay" <hillerys@element.io>
Date: Thu, 6 Jun 2024 11:19:54 -0700
Subject: [PATCH] add pydantic check + comment

---
 synapse/rest/admin/users.py | 16 ++++++++++++++--
 synapse/rest/client/room.py |  2 +-
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/synapse/rest/admin/users.py b/synapse/rest/admin/users.py
index 801ad2b646e..1fed638cd27 100644
--- a/synapse/rest/admin/users.py
+++ b/synapse/rest/admin/users.py
@@ -27,11 +27,13 @@
 
 import attr
 
+from synapse._pydantic_compat import HAS_PYDANTIC_V2
 from synapse.api.constants import Direction, UserTypes
 from synapse.api.errors import Codes, NotFoundError, SynapseError
 from synapse.http.servlet import (
     RestServlet,
     assert_params_in_dict,
+    parse_and_validate_json_object_from_request,
     parse_boolean,
     parse_enum,
     parse_integer,
@@ -46,6 +48,7 @@
     assert_user_is_admin,
 )
 from synapse.rest.client._base import client_patterns
+from synapse.rest.models import RequestBodyModel
 from synapse.storage.databases.main.registration import ExternalIDReuseException
 from synapse.storage.databases.main.stats import UserSortOrder
 from synapse.types import JsonDict, JsonMapping, UserID
@@ -53,6 +56,12 @@
 if TYPE_CHECKING:
     from synapse.server import HomeServer
 
+if TYPE_CHECKING or HAS_PYDANTIC_V2:
+    from pydantic.v1 import StrictBool
+else:
+    from pydantic import StrictBool
+
+
 logger = logging.getLogger(__name__)
 
 
@@ -740,6 +749,9 @@ def __init__(self, hs: "HomeServer"):
         self.is_mine = hs.is_mine
         self.store = hs.get_datastores().main
 
+    class PutBody(RequestBodyModel):
+        suspend: StrictBool
+
     async def on_PUT(
         self, request: SynapseRequest, target_user_id: str
     ) -> Tuple[int, JsonDict]:
@@ -752,8 +764,8 @@ async def on_PUT(
         if not await self.store.get_user_by_id(target_user_id):
             raise NotFoundError("User not found")
 
-        body = parse_json_object_from_request(request, allow_empty_body=True)
-        suspend = body.get("suspend", False)
+        body = parse_and_validate_json_object_from_request(request, self.PutBody)
+        suspend = body.suspend
         await self.store.set_user_suspended_status(target_user_id, suspend)
 
         return HTTPStatus.OK, {f"user_{target_user_id}_suspended": suspend}
diff --git a/synapse/rest/client/room.py b/synapse/rest/client/room.py
index 65712df9cab..ff5759bd4af 100644
--- a/synapse/rest/client/room.py
+++ b/synapse/rest/client/room.py
@@ -1119,7 +1119,7 @@ async def _do(
                 if event.sender != requester.user.to_string():
                     raise SynapseError(
                         403,
-                        "Only events created by the requester may be redacted while account is suspended.",
+                        "You can only redact your own events while account is suspended.",
                         Codes.USER_ACCOUNT_SUSPENDED,
                     )