Skip to content
This repository was archived by the owner on Apr 26, 2024. It is now read-only.
This repository was archived by the owner on Apr 26, 2024. It is now read-only.

Synapse does not correctly enforce the spec's regex for client_secret #6766

Closed
#8101
Closed
Synapse does not correctly enforce the spec's regex for client_secret#6766
#8101
Assignees
anoadragon453
Labels
A-Spec-Complianceplaces where synapse does not conform to the specZ-Help-WantedWe know exactly how to fix this issue, and would be grateful for any contributionz-bug(Deprecated Label)z-p2(Deprecated Label)
@anoadragon453

Description

@anoadragon453
anoadragon453
opened on Jan 22, 2020

The spec states that we should enforce a regex on client_secret. Synapse currently does not do this.

As a result of this, FluffyChat has started sending client_secret parameters that do not comply with the spec: https://gitlab.com/ChristianPauly/fluffychat/issues/160 Specifically, it sends client_secret values with : in them.

#6767 is written to allow client_secret to take : values, while otherwise respecting the specification. This will allow older versions of FluffyChat to continue working while a fix in put in place and people upgrade.

Eventually we will remove : from the client_secret regex, and will use this as a tracking issue for that.

Metadata

Metadata

Assignees

Labels

A-Spec-Complianceplaces where synapse does not conform to the specZ-Help-WantedWe know exactly how to fix this issue, and would be grateful for any contributionz-bug(Deprecated Label)z-p2(Deprecated Label)

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions