Construct HMAC as bytes on py3

Signed-off-by: Adrian Tschira <nota@notafile.com>
2025-05-02 21:14:52 -04:00 · 2018-04-28 23:53:07 +02:00 · 2018-04-28 23:53:07 +02:00 · 122593265b
commit 122593265b
parent 9558236728
2 changed files with 15 additions and 11 deletions
--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@ -35,6 +35,8 @@ from hashlib import sha1
 from synapse.util.async import run_on_reactor
 from synapse.util.ratelimitutils import FederationRateLimiter

+from six import string_types
+

 # We ought to be using hmac.compare_digest() but on older pythons it doesn't
 # exist. It's a _really minor_ security flaw to use plain string comparison
@ -210,14 +212,14 @@ class RegisterRestServlet(RestServlet):
        # in sessions. Pull out the username/password provided to us.
        desired_password = None
        if 'password' in body:
-            if (not isinstance(body['password'], basestring) or
+            if (not isinstance(body['password'], string_types) or
                    len(body['password']) > 512):
                raise SynapseError(400, "Invalid password")
            desired_password = body["password"]

        desired_username = None
        if 'username' in body:
-            if (not isinstance(body['username'], basestring) or
+            if (not isinstance(body['username'], string_types) or
                    len(body['username']) > 512):
                raise SynapseError(400, "Invalid username")
            desired_username = body['username']
@ -243,7 +245,7 @@ class RegisterRestServlet(RestServlet):

            access_token = get_access_token_from_request(request)

-            if isinstance(desired_username, basestring):
+            if isinstance(desired_username, string_types):
                result = yield self._do_appservice_registration(
                    desired_username, access_token, body
                )
@ -464,7 +466,7 @@ class RegisterRestServlet(RestServlet):
        # includes the password and admin flag in the hashed text. Why are
        # these different?
        want_mac = hmac.new(
-            key=self.hs.config.registration_shared_secret,
+            key=self.hs.config.registration_shared_secret.encode(),
            msg=user,
            digestmod=sha1,
        ).hexdigest()