Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Merge pull request #3732 from matrix-org/rav/fix_gdpr_consent
Browse files Browse the repository at this point in the history 
Fix 500 error from /consent form
  • Loading branch information
@richvdh
richvdh authored Aug 22, 2018
2 parents 3b5b64a + afb4b49 commit d7585a4
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 3 deletions.
1 change: 1 addition & 0 deletions changelog.d/3732.bugfix
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Fix bug introduced in v0.33.3rc1 which made the ToS give a 500 error
15 changes: 12 additions & 3 deletions synapse/rest/consent/consent_resource.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -140,7 +140,7 @@ def _async_render_GET(self, request):
version = parse_string(request, "v",
default=self._default_consent_version)
username = parse_string(request, "u", required=True)
userhmac = parse_string(request, "h", required=True)
userhmac = parse_string(request, "h", required=True, encoding=None)

self._check_hash(username, userhmac)

Expand Down Expand Up @@ -175,7 +175,7 @@ def _async_render_POST(self, request):
"""
version = parse_string(request, "v", required=True)
username = parse_string(request, "u", required=True)
userhmac = parse_string(request, "h", required=True)
userhmac = parse_string(request, "h", required=True, encoding=None)

self._check_hash(username, userhmac)

Expand Down Expand Up @@ -210,9 +210,18 @@ def _render_template(self, request, template_name, **template_args):
finish_request(request)

def _check_hash(self, userid, userhmac):
"""
Args:
userid (unicode):
userhmac (bytes):
Raises:
SynapseError if the hash doesn't match
"""
want_mac = hmac.new(
key=self._hmac_secret,
msg=userid,
msg=userid.encode('utf-8'),
digestmod=sha256,
).hexdigest()

Expand Down

0 comments on commit d7585a4

Please sign in to comment.