authorSteven Hammerton <steven.hammerton@openmarket.com>2015-11-17 10:58:05 +0000
committerSteven Hammerton <steven.hammerton@openmarket.com>2015-11-17 10:58:05 +0000
commitf20d064e05b1641162f36303139a611a97b6890e (patch)
tree6d13435772f26ae1cda14e731700b19c2d94f680
parentMerge branch 'develop' into sh-cas-auth-via-homeserver (diff)
downloadsynapse-f20d064e05b1641162f36303139a611a97b6890e.tar.xz
Always check guest = true in macaroons
-rw-r--r--synapse/api/auth.py3
1 files changed, 2 insertions, 1 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 7fbbd89179..8111b34428 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -589,7 +589,7 @@ class Auth(object):
             macaroon = pymacaroons.Macaroon.deserialize(macaroon_str)
             self.validate_macaroon(
                 macaroon, "access",
-                [lambda c: c == "guest = true", lambda c: c.startswith("time < ")]
+                [lambda c: c.startswith("time < ")]
             )
 
             user_prefix = "user_id = "
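Review bot: The predicate left on the access path, `lambda c: c.startswith("time < ")`, accepts any caveat with that prefix and never compares the value to the current time, so from what is visible here an expired access macaroon would still verify. If expiry is meant to be enforced on this path, the predicate should parse the number after `"time < "` and compare it with the clock. If enforcement is deliberately deferred, a comment on this line such as `# NOTE: expiry caveat is accepted but not yet enforced` would stop readers assuming the caveat is checked. The enclosing method starts and ends outside the hunk, so a check elsewhere cannot be ruled out.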
@@ -643,6 +643,7 @@ class Auth(object):
         v.satisfy_exact("gen = 1")
         v.satisfy_exact("type = " + type_string)
         v.satisfy_general(lambda c: c.startswith("user_id = "))
+        v.satisfy_exact("guest = true")
 
         for validation_function in additional_validation_functions:
             v.satisfy_general(validation_function)
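Review bot: `v.satisfy_exact("guest = true")` only lets the verifier discharge a guest caveat when one is present; it does not require one, and in this shared validator (presumably `validate_macaroon`, whose signature is outside the hunk) it now applies to every `type_string`, not just `"access"`. Because caveats can be appended by whoever holds a macaroon, any caller that validates a non-access macaroon and does not then read the guest caveat would treat a guest-restricted token as an unrestricted one; the callers are not visible here, so this should be confirmed. I would add a comment above the line, `# Accepts (does not require) a guest caveat for all macaroon types; callers must read it to set guest status.`, and a test covering a non-access macaroon that carries `guest = true`.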