diff options
author | Erik Johnston <erik@matrix.org> | 2016-07-06 14:46:31 +0100 |
---|---|---|
committer | Erik Johnston <erik@matrix.org> | 2016-07-06 14:46:31 +0100 |
commit | a17e7caeb708f267e8ac2b18404a098e90792834 (patch) | |
tree | 2dee0e30691c1a9fd30ee9d674c8c5a6cfe7e7de /synapse/rest/client/v1 | |
parent | Add ReadWriteLock for pagination and history prune (diff) | |
parent | Check that there are no null bytes in user and passsword (diff) | |
download | synapse-a17e7caeb708f267e8ac2b18404a098e90792834.tar.xz |
Merge branch 'erikj/shared_secret' into erikj/test2
Diffstat (limited to 'synapse/rest/client/v1')
-rw-r--r-- | synapse/rest/client/v1/register.py | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/synapse/rest/client/v1/register.py b/synapse/rest/client/v1/register.py index d791d5e07e..ce7099b18f 100644 --- a/synapse/rest/client/v1/register.py +++ b/synapse/rest/client/v1/register.py @@ -324,6 +324,14 @@ class RegisterRestServlet(ClientV1RestServlet): raise SynapseError(400, "Shared secret registration is not enabled") user = register_json["user"].encode("utf-8") + password = register_json["password"].encode("utf-8") + admin = register_json.get("admin", None) + + # Its important to check as we use null bytes as HMAC field separators + if "\x00" in user: + raise SynapseError(400, "Invalid user") + if "\x00" in password: + raise SynapseError(400, "Invalid password") # str() because otherwise hmac complains that 'unicode' does not # have the buffer interface @@ -331,17 +339,21 @@ class RegisterRestServlet(ClientV1RestServlet): want_mac = hmac.new( key=self.hs.config.registration_shared_secret, - msg=user, digestmod=sha1, - ).hexdigest() - - password = register_json["password"].encode("utf-8") + ) + want_mac.update(user) + want_mac.update("\x00") + want_mac.update(password) + want_mac.update("\x00") + want_mac.update("admin" if admin else "notadmin") + want_mac = want_mac.hexdigest() if compare_digest(want_mac, got_mac): handler = self.handlers.registration_handler user_id, token = yield handler.register( localpart=user, password=password, + admin=bool(admin), ) self._remove_session(session) defer.returnValue({ |