
Commit 634af9d

committed
Fix bad sig sizes
1 parent e5aa1b8 commit 634af9d


5 files changed

+36
-36
lines changed


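--- a/sogs/model/room.py
+++ b/sogs/model/room.py
@@ -623,7 +623,7 @@ def add_post(
 if not self.check_write(user):
 raise BadPermission()
 
-if data is None or sig is None or len(sig) != 32:
+if data is None or sig is None or len(sig) != 64:
 raise InvalidData()
 
 whisper_mods = bool(whisper_mods)
@@ -709,7 +709,7 @@ def edit_post(self, user: User, msg_id: int, data: bytes, sig: bytes):
 if not self.check_write(user):
 raise BadPermission()
 
-if data is None or sig is None or len(sig) != 32:
+if data is None or sig is None or len(sig) != 64:
 raise InvalidData()
 
 filtered = self.should_filter(user, data)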
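Review bot: The signature length is a bare `64` repeated in the guards of both `add_post` and `edit_post`, so the two checks can drift apart or be wrong together, as the old `32` was; a module-level constant such as `SIGNATURE_SIZE = 64` with `len(sig) != SIGNATURE_SIZE` in both places, plus a comment naming the signature scheme it belongs to, would make the intent checkable. The visible lines validate only the length, not the signature against `user`; both function bodies continue outside the hunks, so it is worth confirming that verification happens there or is deliberately left to clients. Every test touched by this commit passes a correctly sized padded value, so nothing visible pins the rejection path; a case like `with pytest.raises(exc.InvalidData): room.add_post(user, b'data', b'\0' * 32)` (and the same for `edit_post`) would have caught the original bug.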

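--- a/tests/test_room_routes.py
+++ b/tests/test_room_routes.py
@@ -5,7 +5,7 @@
 from sogs import utils
 import sogs.config
 import werkzeug.exceptions as wexc
-from util import pad32
+from util import pad64
 from request import sogs_get, sogs_post, sogs_put
 
 
@@ -450,7 +450,7 @@ def test_polling(client, room, user, user2, mod, admin, global_mod, global_admin
 assert info_up == details['info_updates']
 
 # Post a message should *not* change info_updates, but should change the message_sequence
-p1 = room.add_post(user, b'fake data', pad32(b'fake sig'))
+p1 = room.add_post(user, b'fake data', pad64(b'fake sig'))
 
 r = sogs_get(client, f"/room/test-room/pollInfo/{info_up}", user)
 assert r.status_code == 200
@@ -461,7 +461,7 @@ def test_polling(client, room, user, user2, mod, admin, global_mod, global_admin
 assert r.json['message_sequence'] == details['message_sequence']
 
 # Editing also should change message_sequence and not info_updates
-room.edit_post(user, p1['id'], b'more fake data', pad32(b'another fake sig'))
+room.edit_post(user, p1['id'], b'more fake data', pad64(b'another fake sig'))
 r = sogs_get(client, f"/room/test-room/pollInfo/{info_up}", user)
 assert r.status_code == 200
 assert 'details' not in r.json
@@ -478,7 +478,7 @@ def test_fetch_since(client, room, user, no_rate_limit):
 counts = (1, 1, 1, 2, 0, 3, 0, 0, 5, 7, 11, 12, 0, 25, 0, 101, 0, 203, 0, 100, 200)
 for n in counts:
 for i in range(counter + 1, counter + 1 + n):
-room.add_post(user, f"fake data {i}".encode(), pad32(f"fake sig {i}"))
+room.add_post(user, f"fake data {i}".encode(), pad64(f"fake sig {i}"))
 counter += n
 
 done = False
@@ -503,7 +503,7 @@ def test_fetch_since(client, room, user, no_rate_limit):
 assert post['session_id'] == user.session_id
 assert post['seqno'] == j
 assert utils.decode_base64(post['data']) == f"fake data {j}".encode()
-assert utils.decode_base64(post['signature']) == pad32(f"fake sig {j}")
+assert utils.decode_base64(post['signature']) == pad64(f"fake sig {j}")
 assert -10 <= post['posted'] - time.time() <= 10
 
 top_fetched = post['seqno']
@@ -535,7 +535,7 @@ def test_fetch_since(client, room, user, no_rate_limit):
 
 def test_fetch_before(client, room, user, no_rate_limit):
 for i in range(1000):
-room.add_post(user, f"data-{i}".encode(), pad32(f"fake sig {i}"))
+room.add_post(user, f"data-{i}".encode(), pad64(f"fake sig {i}"))
 
 url = "/room/test-room/messages/recent"
 r100 = sogs_get(client, url, user)
@@ -580,7 +580,7 @@ def test_fetch_before(client, room, user, no_rate_limit):
 
 
 def test_fetch_one(client, room, user, no_rate_limit):
-posts = [room.add_post(user, f"data-{i}".encode(), pad32(f"fake sig {i}")) for i in range(10)]
+posts = [room.add_post(user, f"data-{i}".encode(), pad64(f"fake sig {i}")) for i in range(10)]
 
 for i in (5, 2, 8, 7, 9, 6, 10, 1, 3, 4):
 url = f"/room/test-room/message/{i}"
@@ -605,7 +605,7 @@ def filter_timestamps(x, fields=time_fields):
 
 def test_pinning(client, room, user, admin, no_rate_limit):
 for i in range(10):
-room.add_post(user, f"data-{i}".encode(), pad32(f"fake sig {i}"))
+room.add_post(user, f"data-{i}".encode(), pad64(f"fake sig {i}"))
 
 def room_json():
 r = sogs_get(client, "/room/test-room", user)
@@ -697,7 +697,7 @@ def room_json():
 def test_posting(client, room, user, user2, mod, global_mod):
 
 url_post = "/room/test-room/message"
-d, s = (utils.encode_base64(x) for x in (b"post 1", pad32("sig 1")))
+d, s = (utils.encode_base64(x) for x in (b"post 1", pad64("sig 1")))
 r = sogs_post(client, url_post, {"data": d, "signature": s}, user)
 assert r.status_code == 201
 
@@ -719,7 +719,7 @@ def test_posting(client, room, user, user2, mod, global_mod):
 def test_whisper_to(client, room, user, user2, mod, global_mod):
 
 url_post = "/room/test-room/message"
-d, s = (utils.encode_base64(x) for x in (b"whisper 1", pad32("sig 1")))
+d, s = (utils.encode_base64(x) for x in (b"whisper 1", pad64("sig 1")))
 p = {"data": d, "signature": s, "whisper_to": user2.session_id}
 
 # Regular users can't post whispers:
@@ -766,7 +766,7 @@ def test_whisper_to(client, room, user, user2, mod, global_mod):
 def test_whisper_mods(client, room, user, user2, mod, global_mod, admin):
 
 url_post = "/room/test-room/message"
-d, s = (utils.encode_base64(x) for x in (b"whisper 1", pad32("sig 1")))
+d, s = (utils.encode_base64(x) for x in (b"whisper 1", pad64("sig 1")))
 p = {"data": d, "signature": s, "whisper_mods": True}
 
 # Regular users can't post mod whispers:
@@ -807,7 +807,7 @@ def test_whisper_both(client, room, user, user2, mod, admin):
 # A whisper aimed at both a user *and* all mods (e.g. a warning to a user)
 
 url_post = "/room/test-room/message"
-d, s = (utils.encode_base64(x) for x in (b"offensive post!", pad32("sig")))
+d, s = (utils.encode_base64(x) for x in (b"offensive post!", pad64("sig")))
 p = {"data": d, "signature": s}
 r = sogs_post(client, url_post, p, user)
 assert r.status_code == 201
@@ -825,17 +825,17 @@ def test_whisper_both(client, room, user, user2, mod, admin):
 p = {"data": d, "signature": s, "whisper_mods": True, "whisper_to": mod.session_id}
 r = sogs_post(client, url_post, p, user)
 
-d, s = (utils.encode_base64(x) for x in (b"I'm going to scare this guy", pad32("sig2")))
+d, s = (utils.encode_base64(x) for x in (b"I'm going to scare this guy", pad64("sig2")))
 r = sogs_post(client, url_post, {"data": d, "signature": s, "whisper_mods": True}, mod)
 assert r.status_code == 201
 w1 = r.json
 
-d, s = (utils.encode_base64(x) for x in (b"WTF, do you want a ban?", pad32("sig3")))
+d, s = (utils.encode_base64(x) for x in (b"WTF, do you want a ban?", pad64("sig3")))
 p = {"data": d, "signature": s, "whisper_to": user.session_id, "whisper_mods": True}
 r = sogs_post(client, url_post, p, mod)
 w2 = r.json
 
-d, s = (utils.encode_base64(x) for x in (b"No please I'm sorry!!!", pad32("sig4")))
+d, s = (utils.encode_base64(x) for x in (b"No please I'm sorry!!!", pad64("sig4")))
 r = sogs_post(client, url_post, {"data": d, "signature": s}, user)
 msg2 = r.json
 
@@ -845,14 +845,14 @@ def test_whisper_both(client, room, user, user2, mod, admin):
 'seqno': 1,
 'session_id': user.session_id,
 'data': utils.encode_base64('offensive post!'.encode()),
-'signature': utils.encode_base64(pad32('sig')),
+'signature': utils.encode_base64(pad64('sig')),
 },
 {
 'id': 2,
 'seqno': 2,
 'session_id': mod.session_id,
 'data': utils.encode_base64("I'm going to scare this guy".encode()),
-'signature': utils.encode_base64(pad32('sig2')),
+'signature': utils.encode_base64(pad64('sig2')),
 'whisper': True,
 'whisper_mods': True,
 },
@@ -861,7 +861,7 @@ def test_whisper_both(client, room, user, user2, mod, admin):
 'seqno': 3,
 'session_id': mod.session_id,
 'data': utils.encode_base64("WTF, do you want a ban?".encode()),
-'signature': utils.encode_base64(pad32('sig3')),
+'signature': utils.encode_base64(pad64('sig3')),
 'whisper': True,
 'whisper_mods': True,
 'whisper_to': user.session_id,
@@ -871,7 +871,7 @@ def test_whisper_both(client, room, user, user2, mod, admin):
 'seqno': 4,
 'session_id': user.session_id,
 'data': utils.encode_base64("No please I'm sorry!!!".encode()),
-'signature': utils.encode_base64(pad32('sig4')),
+'signature': utils.encode_base64(pad64('sig4')),
 },
 ]
 
@@ -893,7 +893,7 @@ def test_whisper_both(client, room, user, user2, mod, admin):
 def test_edits(client, room, user, user2, mod, global_admin):
 
 url_post = "/room/test-room/message"
-d, s = (utils.encode_base64(x) for x in (b"post 1", pad32("sig 1")))
+d, s = (utils.encode_base64(x) for x in (b"post 1", pad64("sig 1")))
 r = sogs_post(client, url_post, {"data": d, "signature": s}, user)
 assert r.status_code == 201
 
@@ -914,15 +914,15 @@ def test_edits(client, room, user, user2, mod, global_admin):
 url_edit = "/room/test-room/message/1"
 
 # Make sure someone else (even super admin) can't edit our message:
-d, s = (utils.encode_base64(x) for x in (b"post 1no", pad32("sig 1no")))
+d, s = (utils.encode_base64(x) for x in (b"post 1no", pad64("sig 1no")))
 with pytest.raises(wexc.Forbidden):
 r = sogs_put(client, url_edit, {"data": d, "signature": s}, global_admin)
 
 r = sogs_get(client, url_get, user)
 assert filter_timestamps(r.json) == filter_timestamps([p1])
 assert 'edited' not in r.json[0]
 
-d, s = (utils.encode_base64(x) for x in (b"post 1b", pad32("sig 1b")))
+d, s = (utils.encode_base64(x) for x in (b"post 1b", pad64("sig 1b")))
 time.sleep(0.001)
 r = sogs_put(client, url_edit, {"data": d, "signature": s}, user)
 assert r.status_code == 200
@@ -936,7 +936,7 @@ def test_edits(client, room, user, user2, mod, global_admin):
 assert time.time() - 1 < r.json[0]['posted'] < r.json[0]['edited'] < time.time() + 1
 p1['edited'] = r.json[0]['edited']
 
-d, s = (utils.encode_base64(x) for x in (b"post 2", pad32("sig 2")))
+d, s = (utils.encode_base64(x) for x in (b"post 2", pad64("sig 2")))
 r = sogs_post(client, url_post, {"data": d, "signature": s}, user2)
 assert r.status_code == 201
 p2 = r.json
@@ -949,7 +949,7 @@ def test_edits(client, room, user, user2, mod, global_admin):
 }
 assert -1 < p2['posted'] - time.time() < 1
 
-d, s = (utils.encode_base64(x) for x in (b"post 1c", pad32("sig 1c")))
+d, s = (utils.encode_base64(x) for x in (b"post 1c", pad64("sig 1c")))
 time.sleep(0.001)
 r = sogs_put(client, url_edit, {"data": d, "signature": s}, user)
 assert r.status_code == 200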

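--- a/tests/test_rooms.py
+++ b/tests/test_rooms.py
@@ -3,7 +3,7 @@
 import sogs.model.exc as exc
 from sogs.model.room import Room, get_rooms
 from sogs.model.file import File
-from util import pad32
+from util import pad64
 
 
 def test_create(room, room2):
@@ -552,7 +552,7 @@ def test_image_expiries(room, user):
 
 
 def test_pinning(room, room2, user, mod, admin, global_admin, no_rate_limit):
-msgs = [room.add_post(user, f"data {i}".encode(), pad32(f"sig {i}")) for i in range(1, 10)]
+msgs = [room.add_post(user, f"data {i}".encode(), pad64(f"sig {i}")) for i in range(1, 10)]
 
 with pytest.raises(exc.BadPermission):
 room.pin(msgs[3]['id'], user)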

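--- a/tests/test_user_routes.py
+++ b/tests/test_user_routes.py
@@ -2,7 +2,7 @@
 from sogs import db, utils
 import werkzeug.exceptions as wexc
 from request import sogs_get, sogs_post
-from util import pad32
+from util import pad64
 import time
 
 
@@ -473,7 +473,7 @@ def room_mods(u=user2):
 def test_bans(client, room, room2, user, user2, mod, global_mod):
 url_ban = f'/user/{user.session_id}/ban'
 url_unban = f'/user/{user.session_id}/unban'
-post = {"data": utils.encode_base64(b"post"), "signature": utils.encode_base64(pad32("sig"))}
+post = {"data": utils.encode_base64(b"post"), "signature": utils.encode_base64(pad64("sig"))}
 
 r = sogs_post(client, "/room/test-room/message", post, user)
 assert r.status_code == 201
@@ -564,7 +564,7 @@ def test_bans(client, room, room2, user, user2, mod, global_mod):
 def test_ban_timeouts(client, room, room2, user, mod, global_mod):
 url_ban = f'/user/{user.session_id}/ban'
 url_unban = f'/user/{user.session_id}/unban'
-post = {"data": utils.encode_base64(b"post"), "signature": utils.encode_base64(pad32("sig"))}
+post = {"data": utils.encode_base64(b"post"), "signature": utils.encode_base64(pad64("sig"))}
 
 r = sogs_post(client, url_ban, {'rooms': ['*'], 'timeout': 0.001}, global_mod)
 assert r.status_code == 200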

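--- a/tests/util.py
+++ b/tests/util.py
@@ -1,11 +1,11 @@
 from typing import Union
 
 
-def pad32(data: Union[bytes, str]):
-"""Returns the bytes (or str.encode()) padded to length 32 by appending null bytes"""
+def pad64(data: Union[bytes, str]):
+"""Returns the bytes (or str.encode()) padded to length 64 by appending null bytes"""
 if isinstance(data, str):
 data = data.encode()
-assert len(data) <= 32
-if len(data) < 32:
-return data + b'\0' * (32 - len(data))
+assert len(data) <= 64
+if len(data) < 64:
+return data + b'\0' * (64 - len(data))
 return data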
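Review bot: `pad64` spells the width `64` three times and hand-rolls the padding; after the assert, `return data.ljust(64, b'\0')` yields the same bytes for every input up to 64 bytes and removes the `if` branch. The width has to stay equal to the `len(sig) != 64` guard in sogs/model/room.py, so a one-line comment saying so (or a shared constant) would make the next size change a single edit rather than a rename across five files. A `-> bytes` return annotation would match the already annotated parameter.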
