commit
1315d374cc
|
@ -30,6 +30,8 @@ from hashlib import sha1
|
||||||
import hmac
|
import hmac
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
|
from six import string_types
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
@ -333,11 +335,11 @@ class RegisterRestServlet(ClientV1RestServlet):
|
||||||
def _do_shared_secret(self, request, register_json, session):
|
def _do_shared_secret(self, request, register_json, session):
|
||||||
yield run_on_reactor()
|
yield run_on_reactor()
|
||||||
|
|
||||||
if not isinstance(register_json.get("mac", None), basestring):
|
if not isinstance(register_json.get("mac", None), string_types):
|
||||||
raise SynapseError(400, "Expected mac.")
|
raise SynapseError(400, "Expected mac.")
|
||||||
if not isinstance(register_json.get("user", None), basestring):
|
if not isinstance(register_json.get("user", None), string_types):
|
||||||
raise SynapseError(400, "Expected 'user' key.")
|
raise SynapseError(400, "Expected 'user' key.")
|
||||||
if not isinstance(register_json.get("password", None), basestring):
|
if not isinstance(register_json.get("password", None), string_types):
|
||||||
raise SynapseError(400, "Expected 'password' key.")
|
raise SynapseError(400, "Expected 'password' key.")
|
||||||
|
|
||||||
if not self.hs.config.registration_shared_secret:
|
if not self.hs.config.registration_shared_secret:
|
||||||
|
@ -358,14 +360,14 @@ class RegisterRestServlet(ClientV1RestServlet):
|
||||||
got_mac = str(register_json["mac"])
|
got_mac = str(register_json["mac"])
|
||||||
|
|
||||||
want_mac = hmac.new(
|
want_mac = hmac.new(
|
||||||
key=self.hs.config.registration_shared_secret,
|
key=self.hs.config.registration_shared_secret.encode(),
|
||||||
digestmod=sha1,
|
digestmod=sha1,
|
||||||
)
|
)
|
||||||
want_mac.update(user)
|
want_mac.update(user)
|
||||||
want_mac.update("\x00")
|
want_mac.update(b"\x00")
|
||||||
want_mac.update(password)
|
want_mac.update(password)
|
||||||
want_mac.update("\x00")
|
want_mac.update(b"\x00")
|
||||||
want_mac.update("admin" if admin else "notadmin")
|
want_mac.update(b"admin" if admin else b"notadmin")
|
||||||
want_mac = want_mac.hexdigest()
|
want_mac = want_mac.hexdigest()
|
||||||
|
|
||||||
if compare_digest(want_mac, got_mac):
|
if compare_digest(want_mac, got_mac):
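Review bot: `want_mac.update(user)` and `want_mac.update(password)` still pass `user` and `password` through unchanged while the key and the `b"\x00"` separators are now bytes; on Python 3 `hmac.update()` rejects `str`, so this hunk only works if both values were encoded before it, and those assignments sit between the `@ -333` and `@ -358` hunks where I cannot see them — worth confirming they end in `.encode("utf-8")`. The new `registration_shared_secret.encode()` relies on the interpreter's default codec, which is ASCII on Python 2 and UTF-8 on Python 3, so a non-ASCII secret would raise on one and succeed on the other; `key=self.hs.config.registration_shared_secret.encode("utf-8")` makes the MAC input identical on both. `_do_shared_secret` begins at the `@ -333` hunk and its body continues past this one.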
|
||||||
|
|
|
@ -35,6 +35,8 @@ from hashlib import sha1
|
||||||
from synapse.util.async import run_on_reactor
|
from synapse.util.async import run_on_reactor
|
||||||
from synapse.util.ratelimitutils import FederationRateLimiter
|
from synapse.util.ratelimitutils import FederationRateLimiter
|
||||||
|
|
||||||
|
from six import string_types
|
||||||
|
|
||||||
|
|
||||||
# We ought to be using hmac.compare_digest() but on older pythons it doesn't
|
# We ought to be using hmac.compare_digest() but on older pythons it doesn't
|
||||||
# exist. It's a _really minor_ security flaw to use plain string comparison
|
# exist. It's a _really minor_ security flaw to use plain string comparison
|
||||||
|
@ -210,14 +212,14 @@ class RegisterRestServlet(RestServlet):
|
||||||
# in sessions. Pull out the username/password provided to us.
|
# in sessions. Pull out the username/password provided to us.
|
||||||
desired_password = None
|
desired_password = None
|
||||||
if 'password' in body:
|
if 'password' in body:
|
||||||
if (not isinstance(body['password'], basestring) or
|
if (not isinstance(body['password'], string_types) or
|
||||||
len(body['password']) > 512):
|
len(body['password']) > 512):
|
||||||
raise SynapseError(400, "Invalid password")
|
raise SynapseError(400, "Invalid password")
|
||||||
desired_password = body["password"]
|
desired_password = body["password"]
|
||||||
|
|
||||||
desired_username = None
|
desired_username = None
|
||||||
if 'username' in body:
|
if 'username' in body:
|
||||||
if (not isinstance(body['username'], basestring) or
|
if (not isinstance(body['username'], string_types) or
|
||||||
len(body['username']) > 512):
|
len(body['username']) > 512):
|
||||||
raise SynapseError(400, "Invalid username")
|
raise SynapseError(400, "Invalid username")
|
||||||
desired_username = body['username']
|
desired_username = body['username']
|
||||||
|
@ -243,7 +245,7 @@ class RegisterRestServlet(RestServlet):
|
||||||
|
|
||||||
access_token = get_access_token_from_request(request)
|
access_token = get_access_token_from_request(request)
|
||||||
|
|
||||||
if isinstance(desired_username, basestring):
|
if isinstance(desired_username, string_types):
|
||||||
result = yield self._do_appservice_registration(
|
result = yield self._do_appservice_registration(
|
||||||
desired_username, access_token, body
|
desired_username, access_token, body
|
||||||
)
|
)
|
||||||
|
@ -464,7 +466,7 @@ class RegisterRestServlet(RestServlet):
|
||||||
# includes the password and admin flag in the hashed text. Why are
|
# includes the password and admin flag in the hashed text. Why are
|
||||||
# these different?
|
# these different?
|
||||||
want_mac = hmac.new(
|
want_mac = hmac.new(
|
||||||
key=self.hs.config.registration_shared_secret,
|
key=self.hs.config.registration_shared_secret.encode(),
|
||||||
msg=user,
|
msg=user,
|
||||||
digestmod=sha1,
|
digestmod=sha1,
|
||||||
).hexdigest()
|
).hexdigest()
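Review bot: `msg=user` in the `@ -464` hunk has the same bytes/str question as the key next to it: `hmac.new` requires a bytes message on Python 3, and `user` is assigned outside this hunk, so confirm it is encoded there before the call. As in the v1 servlet, prefer the explicit `key=self.hs.config.registration_shared_secret.encode("utf-8")` so the digest input does not depend on the default codec, which differs between Python 2 and 3. In the `@ -35` hunk the new `from six import string_types` lands after the `synapse.util` imports; moving it up with the other third-party imports keeps the stdlib / third-party / local grouping the file otherwise follows. The enclosing method of the `@ -464` hunk starts outside the hunk.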
|
||||||
|
|