matrix-synapse 1.141.0rc1__cp39-abi3-macosx_11_0_arm64.whl → 1.141.0rc2__cp39-abi3-macosx_11_0_arm64.whl

{matrix_synapse-1.141.0rc1.dist-info → matrix_synapse-1.141.0rc2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: matrix-synapse
-Version: 1.141.0rc1
+Version: 1.141.0rc2
 Summary: Homeserver for the Matrix decentralised comms protocol
 License: AGPL-3.0-or-later OR LicenseRef-Element-Commercial
 Author: Matrix.org Team and Contributors

{matrix_synapse-1.141.0rc1.dist-info → matrix_synapse-1.141.0rc2.dist-info}/RECORD

@@ -1,10 +1,10 @@
-matrix_synapse-1.141.0rc1.dist-info/RECORD,,
-matrix_synapse-1.141.0rc1.dist-info/LICENSE-AGPL-3.0,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-matrix_synapse-1.141.0rc1.dist-info/LICENSE-COMMERCIAL,sha256=EZfebSnFA3xtm1w2B9cuqpC1BF8tYjQA6HCCX9z3Zm4,255
-matrix_synapse-1.141.0rc1.dist-info/WHEEL,sha256=scg0IzB77chy-_40STvfbf7iGhX6kulz7EDsXzX0T_8,132
-matrix_synapse-1.141.0rc1.dist-info/entry_points.txt,sha256=Xf4Z-Sp4lk8P9pbRhSD40XrhhkooqYWm1OtxUlPwPgs,709
-matrix_synapse-1.141.0rc1.dist-info/AUTHORS.rst,sha256=KvPRmsv8L-ZN9AA51KsR-4fZu0ajfkCbSNNH9rhRUO4,1611
-matrix_synapse-1.141.0rc1.dist-info/METADATA,sha256=pxJtdnCUBZLV1lw3Xfdjd5Bl8etqURcHTEfKrIxjD7s,17005
+matrix_synapse-1.141.0rc2.dist-info/RECORD,,
+matrix_synapse-1.141.0rc2.dist-info/LICENSE-AGPL-3.0,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+matrix_synapse-1.141.0rc2.dist-info/LICENSE-COMMERCIAL,sha256=EZfebSnFA3xtm1w2B9cuqpC1BF8tYjQA6HCCX9z3Zm4,255
+matrix_synapse-1.141.0rc2.dist-info/WHEEL,sha256=scg0IzB77chy-_40STvfbf7iGhX6kulz7EDsXzX0T_8,132
+matrix_synapse-1.141.0rc2.dist-info/entry_points.txt,sha256=Xf4Z-Sp4lk8P9pbRhSD40XrhhkooqYWm1OtxUlPwPgs,709
+matrix_synapse-1.141.0rc2.dist-info/AUTHORS.rst,sha256=KvPRmsv8L-ZN9AA51KsR-4fZu0ajfkCbSNNH9rhRUO4,1611
+matrix_synapse-1.141.0rc2.dist-info/METADATA,sha256=3cIxSPUcTj5AgpZRyjRGEy4ijsmdkequvwO5-bc2ddw,17005
 synapse/server.py,sha256=3JfefqrjLSeX7Gv8ZA9E103E4O6l05uDkfIghkAfNxg,45069
 synapse/synapse_rust.abi3.so,sha256=c8Hr_z19BOOySFjzivUlQep5buKDZv-KOxKpsEVZsmg,10483184
 synapse/event_auth.py,sha256=fTm9uAf2iC6bIJuP7QH_7zz26VrqPLIqsoXKXkGINME,47090
@@ -206,7 +206,7 @@ synapse/_scripts/move_remote_media_to_new_store.py,sha256=VOGFBrZM3qBW4ysmdD8XW9
 synapse/_scripts/export_signing_key.py,sha256=i-7-vXYNpWRUvPJZNGcWgZ78pVNtHcd-j5VKI8JP9wk,2831
 synapse/_scripts/update_synapse_database.py,sha256=RGj8-lFjFB74WgUjTZXi-zkGcMWYR10eyg2GtMJ1YFQ,4005
 synapse/_scripts/register_new_matrix_user.py,sha256=CIdZpokRTis07Jw3SyUeH3WX-zPBJLEHh_4Gs_NSwbs,10757
-synapse/_scripts/hash_password.py,sha256=TFXUhlFStn35ZLN88j6rxN-odU9HRkge5VmZlO5_WaQ,2612
+synapse/_scripts/hash_password.py,sha256=m6NTSEkFMyvUc4bEBtRGpF-fUBZKPmL1slrVrqKQU14,2621
 synapse/_scripts/generate_config.py,sha256=KaYWiSVP50PQnhDvrfW6iKiIsPDn_PeAKnm43Tsklqo,2336
 synapse/_scripts/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 synapse/_scripts/synapse_port_db.py,sha256=lrXRqYTd2T3eWJb7lHT4ZufXHvf3dWOepQ7n6Dp0O1c,56646
@@ -873,7 +873,7 @@ synapse/server_notices/resource_limits_server_notices.py,sha256=VpFHZn1DTkpmVjSK
 synapse/server_notices/worker_server_notices_sender.py,sha256=SYuUXW1yYSIO1bEvaRKXD8DPdCVJ3hDbzrAaDBD50Qo,1388
 synapse/server_notices/server_notices_manager.py,sha256=pGqkoJrmOGpx5rjL0W0yJ151YesdZP9_dgM3Vzy9vDY,14620
 synapse/handlers/sync.py,sha256=di99Dk_f8KQmDN0WZiFvn0vPn2jQ0N5YmH3wJqiFBSw,132288
-synapse/handlers/auth.py,sha256=avmeBUbyBSXDcOk_-LyMVeBvWcUDWXAx0Rts8gnO1xY,100397
+synapse/handlers/auth.py,sha256=MtwCo5_HDILviQdHtg6WEz2hHtLKe5qhDPf8jDyMAso,100948
 synapse/handlers/oidc.py,sha256=h6Xn5-C_rnD-4IvCu4Lp_sAPKBOskf4WFaLfAOZezcw,71896
 synapse/handlers/push_rules.py,sha256=WkYG-vbbavU8V-pKuWSdwMQLEkHupvuCJIXqS4SpRFI,6062
 synapse/handlers/e2e_keys.py,sha256=OOGG7GVdNTrRfmwYM5GnqYYC7BFFwDtNkkDqSCzMpbg,75373

synapse/_scripts/hash_password.py

@@ -77,7 +77,7 @@ def main() -> None:
     if len(bytes_to_hash) > 72:
         # bcrypt only looks at the first 72 bytes
         print(
-            f"Password is too long ({len(bytes_to_hash)} bytes); truncating to 72 bytes for bcrypt. "
+            f"Password + pepper is too long ({len(bytes_to_hash)} bytes); truncating to 72 bytes for bcrypt. "
             "This is expected behaviour and will not affect a user's ability to log in. 72 bytes is "
             "sufficient entropy for a password."
         )

synapse/handlers/auth.py

@@ -1691,7 +1691,7 @@ class AuthHandler:
                 #
                 # Note: we explicitly DO NOT log the length of the user's password here.
                 logger.debug(
-                    "Password is too long; truncating to 72 bytes for bcrypt. "
+                    "Password + pepper is too long; truncating to 72 bytes for bcrypt. "
                     "This is expected behaviour and will not affect a user's ability to log in. 72 bytes is "
                     "sufficient entropy for a password."
                 )
@@ -1720,9 +1720,20 @@ class AuthHandler:
         def _do_validate_hash(checked_hash: bytes) -> bool:
             # Normalise the Unicode in the password
             pw = unicodedata.normalize("NFKC", password)
+            password_pepper = self.hs.config.auth.password_pepper
+
+            bytes_to_hash = pw.encode("utf8") + password_pepper.encode("utf8")
+            if len(bytes_to_hash) > 72:
+                # bcrypt only looks at the first 72 bytes
+                logger.debug(
+                    "Password + pepper is too long; truncating to 72 bytes for bcrypt. "
+                    "This is expected behaviour and will not affect a user's ability to log in. 72 bytes is "
+                    "sufficient entropy for a password."
+                )
+                bytes_to_hash = bytes_to_hash[:72]
 
             return bcrypt.checkpw(
-                pw.encode("utf8") + self.hs.config.auth.password_pepper.encode("utf8"),
+                bytes_to_hash,
                 checked_hash,
             )