diff options
author | Richard van der Hoff <github@rvanderhoff.org.uk> | 2016-08-08 17:43:02 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-08-08 17:43:02 +0100 |
commit | d3250499c1092415249dc8b24e8a3030e44da93d (patch) | |
tree | 3e7b9a5786caf92f89bad6539a4aa9a9ef2bc5a8 /synapse/handlers | |
parent | Merge branch 'release-v0.17.0' of github.com:matrix-org/synapse (diff) | |
parent | PEP8 (diff) | |
download | synapse-d3250499c1092415249dc8b24e8a3030e44da93d.tar.xz |
Merge pull request #993 from matrix-org/rav/fix_token_login
Fix token login
Diffstat (limited to '')
-rw-r--r-- | synapse/handlers/auth.py | 17 |
1 files changed, 4 insertions, 13 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index 2e138f328f..1d3641b7a7 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -720,10 +720,11 @@ class AuthHandler(BaseHandler): def validate_short_term_login_token_and_get_user_id(self, login_token): try: - macaroon = pymacaroons.Macaroon.deserialize(login_token) auth_api = self.hs.get_auth() - auth_api.validate_macaroon(macaroon, "login", True) - return self.get_user_from_macaroon(macaroon) + macaroon = pymacaroons.Macaroon.deserialize(login_token) + user_id = auth_api.get_user_id_from_macaroon(macaroon) + auth_api.validate_macaroon(macaroon, "login", True, user_id) + return user_id except (pymacaroons.exceptions.MacaroonException, TypeError, ValueError): raise AuthError(401, "Invalid token", errcode=Codes.UNKNOWN_TOKEN) @@ -736,16 +737,6 @@ class AuthHandler(BaseHandler): macaroon.add_first_party_caveat("user_id = %s" % (user_id,)) return macaroon - def get_user_from_macaroon(self, macaroon): - user_prefix = "user_id = " - for caveat in macaroon.caveats: - if caveat.caveat_id.startswith(user_prefix): - return caveat.caveat_id[len(user_prefix):] - raise AuthError( - self.INVALID_TOKEN_HTTP_STATUS, "No user_id found in token", - errcode=Codes.UNKNOWN_TOKEN - ) - @defer.inlineCallbacks def set_password(self, user_id, newpassword, requester=None): password_hash = self.hash(newpassword) |