diff options
author | Steven Hammerton <steven.hammerton@openmarket.com> | 2015-11-17 10:58:05 +0000 |
---|---|---|
committer | Steven Hammerton <steven.hammerton@openmarket.com> | 2015-11-17 10:58:05 +0000 |
commit | f20d064e05b1641162f36303139a611a97b6890e (patch) | |
tree | 6d13435772f26ae1cda14e731700b19c2d94f680 /synapse/api | |
parent | Merge branch 'develop' into sh-cas-auth-via-homeserver (diff) | |
download | synapse-f20d064e05b1641162f36303139a611a97b6890e.tar.xz |
Always check guest = true in macaroons
Diffstat (limited to '')
-rw-r--r-- | synapse/api/auth.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 7fbbd89179..8111b34428 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -589,7 +589,7 @@ class Auth(object): macaroon = pymacaroons.Macaroon.deserialize(macaroon_str) self.validate_macaroon( macaroon, "access", - [lambda c: c == "guest = true", lambda c: c.startswith("time < ")] + [lambda c: c.startswith("time < ")] ) user_prefix = "user_id = " @@ -643,6 +643,7 @@ class Auth(object): v.satisfy_exact("gen = 1") v.satisfy_exact("type = " + type_string) v.satisfy_general(lambda c: c.startswith("user_id = ")) + v.satisfy_exact("guest = true") for validation_function in additional_validation_functions: v.satisfy_general(validation_function) |