I should not hash the token

fc031ca7 · okhin · 8edb8fa1 · fc031ca7
Commit fc031ca7 authored Apr 19, 2017 by okhin
--- a/piphone.py
+++ b/piphone.py
@@ -107,7 +107,7 @@ def authenticated(f):
            results = db.execute('SELECT token FROM users WHERE api = ?', (request.params['api'],)).fetchall()
            assert len(results) == 1
            token = results[0][0]
-            auth_token = jwt.decode(hashlib.sha256(request.params['token'].encode()).hexdigest(), token)
+            auth_token = jwt.decode(request.params['token'], token)
            assert auth_token['api'] == request.params['api']
            for key in auth_token:
                request.params[key] = auth_token[key]