use hashids in jwt
parent
1f3ca9664d
commit
7acb3b40c2
@ -1,4 +1,4 @@
|
||||
from app import db, login, mail, socketio
|
||||
from app import db, hashids, login, mail, socketio
|
||||
from app.converters.vrt import normalize_vrt_file
|
||||
from app.email import create_message
|
||||
from datetime import datetime, timedelta
|
||||
@ -327,7 +327,7 @@ class User(HashidMixin, UserMixin, db.Model):
|
||||
return False
|
||||
if payload.get('purpose') != 'confirm_user':
|
||||
return False
|
||||
if payload.get('sub') != self.id:
|
||||
if payload.get('sub') != self.hashid:
|
||||
return False
|
||||
self.confirmed = True
|
||||
db.session.add(self)
|
||||
@ -344,7 +344,7 @@ class User(HashidMixin, UserMixin, db.Model):
|
||||
'iat': utc_now,
|
||||
'iss': current_app.config['SERVER_NAME'],
|
||||
'purpose': 'confirm_user',
|
||||
'sub': self.id
|
||||
'sub': self.hashid
|
||||
}
|
||||
return jwt.encode(payload, current_app.config['SECRET_KEY'], algorithm='HS256')
|
||||
|
||||
@ -355,7 +355,7 @@ class User(HashidMixin, UserMixin, db.Model):
|
||||
'iat': utc_now,
|
||||
'iss': current_app.config['SERVER_NAME'],
|
||||
'purpose': 'reset_password',
|
||||
'sub': self.id
|
||||
'sub': self.hashid
|
||||
}
|
||||
return jwt.encode(payload, current_app.config['SECRET_KEY'], algorithm='HS256')
|
||||
|
||||
@ -452,9 +452,10 @@ class User(HashidMixin, UserMixin, db.Model):
|
||||
return False
|
||||
if payload.get('purpose') != 'reset_password':
|
||||
return False
|
||||
user_id = payload.get('sub')
|
||||
if user_id is None:
|
||||
user_hashid = payload.get('sub')
|
||||
if user_hashid is None:
|
||||
return False
|
||||
user_id = hashids.decode(user_hashid)
|
||||
user = User.query.get(user_id)
|
||||
if user is None:
|
||||
return False
|
||||
|
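Review bot: In the last hunk (`@ -452,9 +452,10`), the result of `hashids.decode(user_hashid)` is passed straight to `User.query.get(user_id)` without checking that decoding succeeded. Assuming `hashids` is a `Hashids` instance, `decode` returns a tuple and yields an empty one for any value it cannot decode, including the integer `sub` carried by tokens issued before this commit. `Query.get` would then most likely raise on the wrong number of primary-key values instead of taking the `return False` path. I would decode into a separate name and check it, e.g. `decoded = hashids.decode(user_hashid)`, `if len(decoded) != 1: return False`, `user = User.query.get(decoded[0])`. A short comment there should also say that the hashid only keeps the sequential id out of the readable JWT payload and is not a secret, since the token's integrity still rests on the HS256 signature. The enclosing method starts and ends outside the hunk.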