00dani/lemoncurry
1
0
Fork 1
Code Issues Pull requests Releases Wiki Activity

Improve JWT security by specifying the algorithm used, and also use shorter key names to make the code a little shorter

Browse source
This commit is contained in:
Danielle McLean 2017-11-03 14:33:27 +11:00
parent 6b1cd896ea
commit 6f6bb4e534
Signed by: 00dani
GPG key ID: 5A5D2D1AFF12EEC5
2 changed files with 11 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

15
lemonauth/tokens.py
View file

@ -11,17 +11,18 @@ def gen_auth_code(post):
code = {
'me': post['me'],
'client_id': post['client_id'],
'redirect_uri': post['redirect_uri'],
'response_type': post.get('response_type', 'id'),
'exp': datetime.utcnow() + timedelta(minutes=10),
'id': post['client_id'],
'uri': post['redirect_uri'],
'typ': post.get('response_type', 'id'),
'iat': datetime.utcnow(),
'exp': datetime.utcnow() + timedelta(seconds=30),
}
if 'scope' in post:
code['scope'] = ' '.join(post.getlist('scope'))
code['sco'] = ' '.join(post.getlist('scope'))
params['code'] = jwt.encode(code, settings.SECRET_KEY)
params['code'] = jwt.encode(code, settings.SECRET_KEY, algorithm='HS256')
return params
def verify_auth_code(c):
return jwt.decode(c, settings.SECRET_KEY)
return jwt.decode(c, settings.SECRET_KEY, algorithms=('HS256',))