Mirrors
/
synapse
mirror of https://github.com/element-hq/synapse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'rav/fix_gdpr_consent' into matrix-org-hotfixes

This commit is contained in:
Richard van der Hoff 2018-08-21 22:54:35 +01:00
parent d1065e6f51 f7baff6f7b
commit 638c0bf49b
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
synapse/rest/consent/consent_resource.py
View File

@ -175,7 +175,7 @@ class ConsentResource(Resource):
""" """
version = parse_string(request, "v", required=True) version = parse_string(request, "v", required=True)
username = parse_string(request, "u", required=True) username = parse_string(request, "u", required=True)
userhmac = parse_string(request, "h", required=True) userhmac = parse_string(request, "h", required=True, encoding=None)
self._check_hash(username, userhmac) self._check_hash(username, userhmac)
@ -210,9 +210,18 @@ class ConsentResource(Resource):
finish_request(request) finish_request(request)
def _check_hash(self, userid, userhmac): def _check_hash(self, userid, userhmac):
"""
Args:
userid (unicode):
userhmac (bytes):
Raises:
SynapseError if the hash doesn't match
"""
want_mac = hmac.new( want_mac = hmac.new(
key=self._hmac_secret, key=self._hmac_secret,
msg=userid, msg=userid.encode('utf-8'),
digestmod=sha256, digestmod=sha256,
).hexdigest() ).hexdigest()