# HG changeset patch # User Goffi # Date 1490556183 -7200 # Node ID c316c6f6a73795df6af52ede069e85352c71fc42 # Parent d662bdd682b2a27a8ca9b2593e55d9613b87357c plugin invitations: fixed leak of uuid in jid diff -r d662bdd682b2 -r c316c6f6a737 src/plugins/plugin_misc_invitations.py --- a/src/plugins/plugin_misc_invitations.py Sun Mar 26 18:08:05 2017 +0200 +++ b/src/plugins/plugin_misc_invitations.py Sun Mar 26 21:23:03 2017 +0200 @@ -95,7 +95,8 @@ **kwargs: keywords arguments which can have the following keys, unset values are equivalent to None: jid_(jid.JID, None): jid to use for invitation, the jid will be created using XEP-0077 if the jid has no user part, an anonymous account will be used (no XMPP account created in this case) - if None, automatically generate an account name (in the form "invitation-[UUID]@domain.tld") + if None, automatically generate an account name (in the form "invitation-[random UUID]@domain.tld") (note that this UUID is not the + same as the invitation one, as jid can be used publicly (leaking the UUID), and invitation UUID give access to account. in case of conflict, a suffix number is added to the account until a free one if found (with a failure if SUFFIX_MAX is reached) password(unicode, None): password to use (will be used for XMPP account and profile) None to automatically generate one @@ -165,7 +166,7 @@ if not domain: # TODO: fallback to profile's domain raise ValueError(_(u"You need to specify xmpp_domain in sat.conf")) - jid_ = u"invitation-{uuid}@{domain}".format(uuid=id_, domain=domain) + jid_ = u"invitation-{uuid}@{domain}".format(uuid=shortuuid.uuid(), domain=domain) jid_ = jid.JID(jid_) if jid_.user: # we don't register account if there is no user as anonymous login is then used