1818import hmac
1919import logging
2020import re
21- from hashlib import sha1
2221
2322from six import string_types
2423
@@ -272,8 +271,8 @@ def on_POST(self, request):
272271 if self .auth .has_access_token (request ):
273272 appservice = yield self .auth .get_appservice_by_req (request )
274273
275- # fork off as soon as possible for ASes and shared secret auth which
276- # have completely different registration flows to normal users
274+ # fork off as soon as possible for ASes which have completely
275+ # different registration flows to normal users
277276
278277 # == Application Service Registration ==
279278 if appservice :
@@ -300,25 +299,15 @@ def on_POST(self, request):
300299 return (200 , result ) # we throw for non 200 responses
301300 return
302301
303- # for either shared secret or regular registration, downcase the
304- # provided username before attempting to register it. This should mean
302+ # for regular registration, downcase the provided username before
303+ # attempting to register it. This should mean
305304 # that people who try to register with upper-case in their usernames
306305 # don't get a nasty surprise. (Note that we treat username
307306 # case-insenstively in login, so they are free to carry on imagining
308307 # that their username is CrAzYh4cKeR if that keeps them happy)
309308 if desired_username is not None :
310309 desired_username = desired_username .lower ()
311310
312- # == Shared Secret Registration == (e.g. create new user scripts)
313- if "mac" in body :
314- # FIXME: Should we really be determining if this is shared secret
315- # auth based purely on the 'mac' key?
316- result = yield self ._do_shared_secret_registration (
317- desired_username , desired_password , body
318- )
319- return (200 , result ) # we throw for non 200 responses
320- return
321-
322311 # == Normal User Registration == (everyone else)
323312 if not self .hs .config .enable_registration :
324313 raise SynapseError (403 , "Registration has been disabled" )
@@ -637,42 +626,6 @@ def _do_appservice_registration(
637626
638627 return result
639628
640- @defer .inlineCallbacks
641- def _do_shared_secret_registration (self , username , password , body ):
642- if not self .hs .config .registration_shared_secret :
643- raise SynapseError (400 , "Shared secret registration is not enabled" )
644- if not username :
645- raise SynapseError (
646- 400 , "username must be specified" , errcode = Codes .BAD_JSON
647- )
648-
649- # use the username from the original request rather than the
650- # downcased one in `username` for the mac calculation
651- user = body ["username" ].encode ("utf-8" )
652-
653- # str() because otherwise hmac complains that 'unicode' does not
654- # have the buffer interface
655- got_mac = str (body ["mac" ])
656-
657- # FIXME this is different to the /v1/register endpoint, which
658- # includes the password and admin flag in the hashed text. Why are
659- # these different?
660- want_mac = hmac .new (
661- key = self .hs .config .registration_shared_secret .encode (),
662- msg = user ,
663- digestmod = sha1 ,
664- ).hexdigest ()
665-
666- if not compare_digest (want_mac , got_mac ):
667- raise SynapseError (403 , "HMAC incorrect" )
668-
669- user_id = yield self .registration_handler .register_user (
670- localpart = username , password = password
671- )
672-
673- result = yield self ._create_registration_details (user_id , body )
674- return result
675-
676629 @defer .inlineCallbacks
677630 def _create_registration_details (self , user_id , params ):
678631 """Complete registration of newly-registered user
0 commit comments