Commit 8edb8fa1 authored by okhin's avatar okhin 🚴

The hashing of the token should be done at the right place

parent 787c7175
Pipeline #949 passed with stage
in 5 seconds
...@@ -107,8 +107,8 @@ def authenticated(f): ...@@ -107,8 +107,8 @@ def authenticated(f):
results = db.execute('SELECT token FROM users WHERE api = ?', (request.params['api'],)).fetchall() results = db.execute('SELECT token FROM users WHERE api = ?', (request.params['api'],)).fetchall()
assert len(results) == 1 assert len(results) == 1
token = results[0][0] token = results[0][0]
auth_token = jwt.decode(request.params['token'], token) auth_token = jwt.decode(hashlib.sha256(request.params['token'].encode()).hexdigest(), token)
assert hashlib.sha256(auth_token['api'].encode()).hexdigest() == request.params['api'] assert auth_token['api'] == request.params['api']
for key in auth_token: for key in auth_token:
request.params[key] = auth_token[key] request.params[key] = auth_token[key]
except (jwt.exceptions.InvalidTokenError, AssertionError) as e: except (jwt.exceptions.InvalidTokenError, AssertionError) as e:
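Review bot: On the new `jwt.decode(...)` line the first argument is now the SHA-256 hex digest of `request.params['token']`, and a 64-character hex string has no `.`-separated segments, so PyJWT should reject it with a `DecodeError` (a subclass of `InvalidTokenError`) and every request would fall into the `except` branch. The encoded JWT has to reach `jwt.decode` as received; if a digest is needed it presumably belongs on the stored secret or on a separate comparison, e.g. `auth_token = jwt.decode(request.params['token'], token, algorithms=['HS256'])`, with the algorithm list pinned to whatever the issuer really uses (HS256 is an assumption here). Separately, the row-count and `api` match checks are `assert` statements, which are stripped under `python -O`, so they should be explicit, e.g. `if auth_token['api'] != request.params['api']: raise jwt.exceptions.InvalidTokenError('api mismatch')`. The enclosing `try` and the `authenticated` decorator begin before this hunk and the handler continues past it, so how a failure is reported to the client is not visible here.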
......