diff options
| author | Adrian Tschira <nota@notafile.com> | 2018-04-28 23:53:07 +0200 |
|---|---|---|
| committer | Adrian Tschira <nota@notafile.com> | 2018-04-29 00:19:41 +0200 |
| commit | 122593265b4a10732b2e7fcfe2f5b2eba83d61d7 (patch) | |
| tree | 7c2266e44ed87ffe17f7d3cf8847031ea3310040 /synapse/rest/client/v2_alpha | |
| parent | Merge pull request #3127 from matrix-org/rav/deferred_timeout (diff) | |
| download | synapse-122593265b4a10732b2e7fcfe2f5b2eba83d61d7.tar.xz | |
Construct HMAC as bytes on py3
Signed-off-by: Adrian Tschira <nota@notafile.com>
Diffstat (limited to 'synapse/rest/client/v2_alpha')
| -rw-r--r-- | synapse/rest/client/v2_alpha/register.py | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/synapse/rest/client/v2_alpha/register.py b/synapse/rest/client/v2_alpha/register.py index f317c919dc..5cab00aea9 100644 --- a/synapse/rest/client/v2_alpha/register.py +++ b/synapse/rest/client/v2_alpha/register.py @@ -35,6 +35,8 @@ from hashlib import sha1 from synapse.util.async import run_on_reactor from synapse.util.ratelimitutils import FederationRateLimiter +from six import string_types + # We ought to be using hmac.compare_digest() but on older pythons it doesn't # exist. It's a _really minor_ security flaw to use plain string comparison @@ -210,14 +212,14 @@ class RegisterRestServlet(RestServlet): # in sessions. Pull out the username/password provided to us. desired_password = None if 'password' in body: - if (not isinstance(body['password'], basestring) or + if (not isinstance(body['password'], string_types) or len(body['password']) > 512): raise SynapseError(400, "Invalid password") desired_password = body["password"] desired_username = None if 'username' in body: - if (not isinstance(body['username'], basestring) or + if (not isinstance(body['username'], string_types) or len(body['username']) > 512): raise SynapseError(400, "Invalid username") desired_username = body['username'] @@ -243,7 +245,7 @@ class RegisterRestServlet(RestServlet): access_token = get_access_token_from_request(request) - if isinstance(desired_username, basestring): + if isinstance(desired_username, string_types): result = yield self._do_appservice_registration( desired_username, access_token, body ) @@ -464,7 +466,7 @@ class RegisterRestServlet(RestServlet): # includes the password and admin flag in the hashed text. Why are # these different? want_mac = hmac.new( - key=self.hs.config.registration_shared_secret, + key=self.hs.config.registration_shared_secret.encode(), msg=user, digestmod=sha1, ).hexdigest() |