changeset 2208:c316c6f6a737

plugin invitations: fixed leak of uuid in jid
author Goffi <goffi@goffi.org>
date Sun, 26 Mar 2017 21:23:03 +0200
parents d662bdd682b2
children ea41cf1e6d29
files src/plugins/plugin_misc_invitations.py
diffstat 1 files changed, 3 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/src/plugins/plugin_misc_invitations.py	Sun Mar 26 18:08:05 2017 +0200
+++ b/src/plugins/plugin_misc_invitations.py	Sun Mar 26 21:23:03 2017 +0200
@@ -95,7 +95,8 @@
         **kwargs: keywords arguments which can have the following keys, unset values are equivalent to None:
             jid_(jid.JID, None): jid to use for invitation, the jid will be created using XEP-0077
                 if the jid has no user part, an anonymous account will be used (no XMPP account created in this case)
-                if None, automatically generate an account name (in the form "invitation-[UUID]@domain.tld")
+                if None, automatically generate an account name (in the form "invitation-[random UUID]@domain.tld") (note that this UUID is not the
+                    same as the invitation one, as jid can be used publicly (leaking the UUID), and invitation UUID give access to account.
                 in case of conflict, a suffix number is added to the account until a free one if found (with a failure if SUFFIX_MAX is reached)
             password(unicode, None): password to use (will be used for XMPP account and profile)
                 None to automatically generate one
@@ -165,7 +166,7 @@
             if not domain:
                 # TODO: fallback to profile's domain
                 raise ValueError(_(u"You need to specify xmpp_domain in sat.conf"))
-            jid_ = u"invitation-{uuid}@{domain}".format(uuid=id_, domain=domain)
+            jid_ = u"invitation-{uuid}@{domain}".format(uuid=shortuuid.uuid(), domain=domain)
         jid_ = jid.JID(jid_)
         if jid_.user:
             # we don't register account if there is no user as anonymous login is then used