Commit fc031ca7 authored by okhin's avatar okhin 🚴

I should not hash the token

parent 8edb8fa1
...@@ -107,7 +107,7 @@ def authenticated(f): ...@@ -107,7 +107,7 @@ def authenticated(f):
results = db.execute('SELECT token FROM users WHERE api = ?', (request.params['api'],)).fetchall() results = db.execute('SELECT token FROM users WHERE api = ?', (request.params['api'],)).fetchall()
assert len(results) == 1 assert len(results) == 1
token = results[0][0] token = results[0][0]
auth_token = jwt.decode(hashlib.sha256(request.params['token'].encode()).hexdigest(), token) auth_token = jwt.decode(request.params['token'], token)
assert auth_token['api'] == request.params['api'] assert auth_token['api'] == request.params['api']
for key in auth_token: for key in auth_token:
request.params[key] = auth_token[key] request.params[key] = auth_token[key]
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment