Commit 8edb8fa1 authored by okhin's avatar okhin
Browse files

The hashing of the token shuld be done at the right place

parent 787c7175
Pipeline #949 passed with stage
in 5 seconds
......@@ -107,8 +107,8 @@ def authenticated(f):
results = db.execute('SELECT token FROM users WHERE api = ?', (request.params['api'],)).fetchall()
assert len(results) == 1
token = results[0][0]
auth_token = jwt.decode(request.params['token'], token)
assert hashlib.sha256(auth_token['api'].encode()).hexdigest() == request.params['api']
auth_token = jwt.decode(hashlib.sha256(request.params['token'].encode()).hexdigest(), token)
assert auth_token['api'] == request.params['api']
for key in auth_token:
request.params[key] = auth_token[key]
except (jwt.exceptions.InvalidTokenError, AssertionError) as e:
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment