Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sydent does not enforce the spec's regex for client_secret #247

Closed
anoadragon453 opened this issue Jan 22, 2020 · 1 comment
Closed

Sydent does not enforce the spec's regex for client_secret #247

anoadragon453 opened this issue Jan 22, 2020 · 1 comment
Assignees
@anoadragon453

Comments

@anoadragon453
Copy link
Member

anoadragon453 commented Jan 22, 2020
edited
Loading

The spec states that we should enforce a regex on client_secret. Sydent currently does not do this.

Similar to matrix-org/synapse#6766, we need to temporarily add the : character to the approved spec to support clients that don't follow the original regex. We will eventually remove this in a future release, once clients have had a chance to update.

PR with :: #246
@anoadragon453 anoadragon453 self-assigned this Jan 22, 2020
@anoadragon453
Copy link
Member Author

anoadragon453 commented Sep 27, 2021
edited
Loading

The current regex no longer has : in it:

sydent/sydent/util/stringutils.py

Line 21 in 7a60521

CLIENT_SECRET_REGEX = re.compile(r"^[0-9a-zA-Z\.=_\-]+$")

It was removed in #309.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@anoadragon453 anoadragon453

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@anoadragon453