Merge pull request #86 from Half-Shot/patch-1
User types should be part of the hmac
This commit is contained in:
commit
4aada15bbe
1 changed files with 6 additions and 3 deletions
|
@ -33,7 +33,7 @@ def registration_secrets() -> Dict[str, Dict[str, str]]:
|
|||
return get_config()["registration_secrets"]
|
||||
|
||||
|
||||
def generate_mac(secret: str, nonce: str, user: str, password: str, admin: bool = False):
|
||||
def generate_mac(secret: str, nonce: str, user: str, password: str, admin: bool = False, user_type: str = None):
|
||||
mac = hmac.new(key=secret.encode("utf-8"), digestmod=hashlib.sha1)
|
||||
mac.update(nonce.encode("utf-8"))
|
||||
mac.update(b"\x00")
|
||||
|
@ -42,6 +42,9 @@ def generate_mac(secret: str, nonce: str, user: str, password: str, admin: bool
|
|||
mac.update(password.encode("utf-8"))
|
||||
mac.update(b"\x00")
|
||||
mac.update(b"admin" if admin else b"notadmin")
|
||||
if user_type is not None:
|
||||
mac.update(b"\x00")
|
||||
mac.update(user_type.encode("utf8"))
|
||||
return mac.hexdigest()
|
||||
|
||||
|
||||
|
@ -75,7 +78,7 @@ async def read_client_auth_request(request: web.Request) -> Tuple[Optional[AuthR
|
|||
except KeyError:
|
||||
return None, resp.invalid_server
|
||||
api = HTTPAPI(base_url, "", loop=get_loop())
|
||||
user_type = body.get("user_type", None)
|
||||
user_type = body.get("user_type", "bot")
|
||||
return AuthRequestInfo(api, secret, username, password, user_type), None
|
||||
|
||||
|
||||
|
@ -87,7 +90,7 @@ async def register(request: web.Request) -> web.Response:
|
|||
api, secret, username, password, user_type = info
|
||||
res = await api.request(Method.GET, Path.admin.register)
|
||||
nonce = res["nonce"]
|
||||
mac = generate_mac(secret, nonce, username, password)
|
||||
mac = generate_mac(secret, nonce, username, password, user_type)
|
||||
try:
|
||||
return web.json_response(await api.request(Method.POST, Path.admin.register, content={
|
||||
"nonce": nonce,
|
||||
|
|
Loading…
Reference in a new issue