Merge pull request #3732 from matrix-org/rav/fix_gdpr_consent

Fix 500 error from /consent form
release-v0.33.3
Richard van der Hoff 2018-08-22 09:15:06 +01:00 committed by GitHub
commit d7585a4c83
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 3 deletions

1
changelog.d/3732.bugfix Normal file
View File

@ -0,0 +1 @@
Fix bug introduced in v0.33.3rc1 which made the ToS give a 500 error

View File

@ -140,7 +140,7 @@ class ConsentResource(Resource):
version = parse_string(request, "v", version = parse_string(request, "v",
default=self._default_consent_version) default=self._default_consent_version)
username = parse_string(request, "u", required=True) username = parse_string(request, "u", required=True)
userhmac = parse_string(request, "h", required=True) userhmac = parse_string(request, "h", required=True, encoding=None)
self._check_hash(username, userhmac) self._check_hash(username, userhmac)
@ -175,7 +175,7 @@ class ConsentResource(Resource):
""" """
version = parse_string(request, "v", required=True) version = parse_string(request, "v", required=True)
username = parse_string(request, "u", required=True) username = parse_string(request, "u", required=True)
userhmac = parse_string(request, "h", required=True) userhmac = parse_string(request, "h", required=True, encoding=None)
self._check_hash(username, userhmac) self._check_hash(username, userhmac)
@ -210,9 +210,18 @@ class ConsentResource(Resource):
finish_request(request) finish_request(request)
def _check_hash(self, userid, userhmac): def _check_hash(self, userid, userhmac):
"""
Args:
userid (unicode):
userhmac (bytes):
Raises:
SynapseError if the hash doesn't match
"""
want_mac = hmac.new( want_mac = hmac.new(
key=self._hmac_secret, key=self._hmac_secret,
msg=userid, msg=userid.encode('utf-8'),
digestmod=sha256, digestmod=sha256,
).hexdigest() ).hexdigest()