From fd379b0108979e2aea98f69c71637c5b9d7ff4c2 Mon Sep 17 00:00:00 2001
From: Will Hunt
Date: Thu, 20 Feb 2020 14:36:29 +0000
Subject: [PATCH 1/3] User types are part of the hmac https://github.com/matrix-org/synapse/blob/b98971e8a437eb3903506eadbefdf6cb2e0853d6/synapse/_scripts/register_new_matrix_user.py#L62-L71
---
 maubot/management/api/client_auth.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/maubot/management/api/client_auth.py b/maubot/management/api/client_auth.py
index f83002f..faf318e 100644
--- a/maubot/management/api/client_auth.py
+++ b/maubot/management/api/client_auth.py
@@ -33,7 +33,7 @@ def registration_secrets() -> Dict[str, Dict[str, str]]:
 return get_config()["registration_secrets"]
-def generate_mac(secret: str, nonce: str, user: str, password: str, admin: bool = False):
+def generate_mac(secret: str, nonce: str, user: str, password: str, admin: bool = False, user_type: str = None):
 mac = hmac.new(key=secret.encode("utf-8"), digestmod=hashlib.sha1)
 mac.update(nonce.encode("utf-8"))
 mac.update(b"\x00")
@@ -42,6 +42,9 @@ def generate_mac(secret: str, nonce: str, user: str, password: str, admin: bool
 mac.update(password.encode("utf-8"))
 mac.update(b"\x00")
 mac.update(b"admin" if admin else b"notadmin")
+ if user_type is not None:
+ mac.update(b"\x00")
+ mac.update(user_type.encode("utf8"))
 return mac.hexdigest()
From ec58900cf2c59bc4a2ef2acdb5ea03607757ea89 Mon Sep 17 00:00:00 2001
From: Will Hunt
Date: Thu, 20 Feb 2020 14:39:26 +0000
Subject: [PATCH 2/3] Actually use user_type, and make it default to "bot"
---
 maubot/management/api/client_auth.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/maubot/management/api/client_auth.py b/maubot/management/api/client_auth.py
index faf318e..91fab07 100644
--- a/maubot/management/api/client_auth.py
+++ b/maubot/management/api/client_auth.py
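Review bot: In the first hunk of PATCH 1/3, `user_type` is added as a sixth positional parameter directly after `admin`, so a caller that supplies it as the fifth positional argument silently sets `admin` instead of `user_type`. Making it keyword-only and annotating the None default, `admin: bool = False, *, user_type: Optional[str] = None`, turns that mistake into a TypeError. `Optional` appears to be imported already, judging by the `Tuple[Optional[...` in a later hunk header, but the import block is not visible here. The body of generate_mac continues past this hunk.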
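Review bot: In the second hunk of PATCH 1/3, the added `user_type.encode("utf8")` spells the codec differently from every other `.encode("utf-8")` in generate_mac; use `"utf-8"` for consistency. The conditional append also deserves a comment, because the field order and NUL separators must match what the homeserver recomputes, for example `# user_type is appended only when set, mirroring Synapse's register_new_matrix_user`. The function starts in the previous hunk, so the earlier fields are only partly visible here.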
@@ -88,9 +88,11 @@ async def register(request: web.Request) -> web.Response:
 if err is not None:
 return err
 api, secret, username, password, user_type = info
+ if user_type is None:
+ user_type = "bot"
 res = await api.request(Method.GET, Path.admin.register)
 nonce = res["nonce"]
- mac = generate_mac(secret, nonce, username, password)
+ mac = generate_mac(secret, nonce, username, password, user_type)
 try:
 return web.json_response(await api.request(Method.POST, Path.admin.register, content={
 "nonce": nonce,
From c4aee0d1eb18685427274e4f390ae8b0483547ac Mon Sep 17 00:00:00 2001
From: Will Hunt
Date: Wed, 4 Mar 2020 13:31:45 +0000
Subject: [PATCH 3/3] Update client_auth.py
---
 maubot/management/api/client_auth.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/maubot/management/api/client_auth.py b/maubot/management/api/client_auth.py
index 91fab07..867867a 100644
--- a/maubot/management/api/client_auth.py
+++ b/maubot/management/api/client_auth.py
@@ -78,7 +78,7 @@ async def read_client_auth_request(request: web.Request) -> Tuple[Optional[AuthR
 except KeyError:
 return None, resp.invalid_server
 api = HTTPAPI(base_url, "", loop=get_loop())
- user_type = body.get("user_type", None)
+ user_type = body.get("user_type", "bot")
 return AuthRequestInfo(api, secret, username, password, user_type), None
@@ -88,8 +88,6 @@ async def register(request: web.Request) -> web.Response:
 if err is not None:
 return err
 api, secret, username, password, user_type = info
- if user_type is None:
- user_type = "bot"
 res = await api.request(Method.GET, Path.admin.register)
 nonce = res["nonce"]
 mac = generate_mac(secret, nonce, username, password, user_type)
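Review bot: In the PATCH 2/3 hunk, the new call `generate_mac(secret, nonce, username, password, user_type)` passes `user_type` as the fifth positional argument, which per the signature added in PATCH 1/3 is `admin`, not `user_type`. With the "bot" default the value is truthy, so the MAC is computed over `admin` with no user type appended; it will not match a request for a non-admin bot account, and the admin flag it authenticates is wrong. Pass it by keyword: `mac = generate_mac(secret, nonce, username, password, user_type=user_type)`. The same call survives unchanged as a context line in the last hunk of PATCH 3/3. The POST body continues outside this hunk, so whether `user_type` is also sent in `content` cannot be checked here.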
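Review bot: In the first hunk of PATCH 3/3, `body.get("user_type", "bot")` supplies the default only when the key is absent. A request body with `"user_type": null` still yields None, which the None check removed from `register` in the next hunk used to normalise, and a non-string JSON value is passed through unchecked. If the client is not meant to select None, normalise it here with `user_type = body.get("user_type") or "bot"` (which also maps an empty string to "bot") and reject values that are not `str` before they reach generate_mac. read_client_auth_request starts outside the hunk, so any earlier validation of `body` is not visible.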