Merge pull request #312 from matrix-org/daniel/3pidinvites

Stuff signed data in a standalone object
Daniel Wagner-Hall 2015-10-19 15:52:34 +01:00
commit 9261ef3a15
2 changed files with 15 additions and 8 deletions


@ -14,7 +14,8 @@
# limitations under the License. # limitations under the License.
"""This module contains classes for authenticating the user.""" """This module contains classes for authenticating the user."""
from nacl.exceptions import BadSignatureError from signedjson.key import decode_verify_key_bytes
from signedjson.sign import verify_signed_json, SignatureVerifyException
from twisted.internet import defer from twisted.internet import defer
@ -26,7 +27,6 @@ from synapse.util import third_party_invites
from unpaddedbase64 import decode_base64 from unpaddedbase64 import decode_base64
import logging import logging
import nacl.signing
import pymacaroons import pymacaroons
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -416,16 +416,23 @@ class Auth(object):
key_validity_url key_validity_url
) )
return False return False
for _, signature_block in join_third_party_invite["signatures"].items(): signed = join_third_party_invite["signed"]
if signed["mxid"] != event.user_id:
return False
if signed["token"] != token:
return False
for server, signature_block in signed["signatures"].items():
for key_name, encoded_signature in signature_block.items(): for key_name, encoded_signature in signature_block.items():
if not key_name.startswith("ed25519:"): if not key_name.startswith("ed25519:"):
return False return False
verify_key = nacl.signing.VerifyKey(decode_base64(public_key)) verify_key = decode_verify_key_bytes(
signature = decode_base64(encoded_signature) key_name,
verify_key.verify(token, signature) decode_base64(public_key)
)
verify_signed_json(signed, server, verify_key)
return True return True
return False return False
except (KeyError, BadSignatureError,): except (KeyError, SignatureVerifyException,):
return False return False
def _get_power_level_event(self, auth_events): def _get_power_level_event(self, auth_events):
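Review bot: The `except (KeyError, SignatureVerifyException,)` tuple that closes this check does not cover the other failures malformed invite content can produce: a `signed` or `signature_block` value that is not a dict raises `TypeError` or `AttributeError`, and a `public_key` that is not valid base64 is likely to raise from `decode_base64` or `decode_verify_key_bytes` instead of returning False. These values appear to come from event content, so I would reject unexpected shapes before indexing, e.g. `if not isinstance(signed, dict): return False`, and confirm which exceptions the two decode calls raise so they can be added to the tuple. Separately, the inner loop returns on its first iteration, so only one (server, key) pair is ever tried and `encoded_signature` is now unused; an invite carrying several signatures would be accepted or rejected depending on dict iteration order. The enclosing method starts above this hunk, so how `public_key` and `token` are obtained is not visible here.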


@ -23,8 +23,8 @@ JOIN_KEYS = {
"token", "token",
"public_key", "public_key",
"key_validity_url", "key_validity_url",
"signatures",
"sender", "sender",
"signed",
} }