Add an admin option to shared secret registration (breaks backwards compat) #909

erikjohnston · Jul 5, 2016

No description provided.

What happens if someone creates a user with password = "password" and admin=False and then someone nicks their mac and registers a user with password = "passwordnot" and admin=True?

Similar thoughts on shifting characters between the "user" and "password" fields.

Yeah, leo just brought that up in the sytest PR. I've added null separators, which I think makes it fine?

NegativeMjark · Jul 6, 2016

Looks like it might work.

erikjohnston assigned NegativeMjark Jul 5, 2016

erikjohnston referenced this pull request in matrix-org/sytest Jul 6, 2016
Merged
Test registering via shared secret #259

richvdh deleted the erikj/shared_secret branch Dec 1, 2016

                  digestmod=sha1,
-    -        ).hexdigest()
-    -
-    -        password = register_json["password"].encode("utf-8")
+    +        )
+    +        want_mac.update(user)
+    +        want_mac.update(password)
+    +        want_mac.update("admin" if admin else "notadmin")

matrix-org/synapse

Add an admin option to shared secret registration (breaks backwards compat) #909

erikjohnston commented Jul 5, 2016

erikjohnston added some commits Jul 5, 2016

erikjohnston assigned NegativeMjark Jul 5, 2016

erikjohnston added some commits Jul 5, 2016

NegativeMjark and 1 other commented on an outdated diff Jul 6, 2016

erikjohnston referenced this pull request in matrix-org/sytest Jul 6, 2016

Test registering via shared secret #259

NegativeMjark commented Jul 6, 2016

erikjohnston merged commit `f0c06ac` into develop Jul 6, 2016
10 checks passed

10 checks passed

richvdh deleted the erikj/shared_secret branch Dec 1, 2016

matrix-org/synapse

Join GitHub today

Add an admin option to shared secret registration (breaks backwards compat) #909

Conversation

erikjohnston commented Jul 5, 2016

erikjohnston added some commits Jul 5, 2016

Some checks were not successful

erikjohnston assigned NegativeMjark Jul 5, 2016

erikjohnston added some commits Jul 5, 2016

Some checks were not successful

All checks have passed

Show 3 comments Hide comments NegativeMjark and 1 other commented on an outdated diff Jul 6, 2016

NegativeMjark Jul 6, 2016

NegativeMjark Jul 6, 2016

erikjohnston Jul 6, 2016

All checks have passed

erikjohnston referenced this pull request in matrix-org/sytest Jul 6, 2016

Test registering via shared secret #259

All checks have passed

NegativeMjark commented Jul 6, 2016

Hide details View details erikjohnston merged commit f0c06ac into develop Jul 6, 2016 10 checks passed

10 checks passed

richvdh deleted the erikj/shared_secret branch Dec 1, 2016

NegativeMjark and 1 other commented on an outdated diff Jul 6, 2016

erikjohnston merged commit `f0c06ac` into develop Jul 6, 2016
10 checks passed