use hashids in jwt

2024-11-14 16:55:42 +00:00 · 2022-07-18 17:37:05 +02:00 · 2022-07-18 17:37:05 +02:00 · 7acb3b40c2
commit 7acb3b40c2
parent 1f3ca9664d
1 changed files with 7 additions and 6 deletions
--- a/app/models.py
+++ b/app/models.py
@ -1,4 +1,4 @@
-from app import db, login, mail, socketio
+from app import db, hashids, login, mail, socketio
 from app.converters.vrt import normalize_vrt_file
 from app.email import create_message
 from datetime import datetime, timedelta
@ -327,7 +327,7 @@ class User(HashidMixin, UserMixin, db.Model):
            return False
        if payload.get('purpose') != 'confirm_user':
            return False
-        if payload.get('sub') != self.id:
+        if payload.get('sub') != self.hashid:
            return False
        self.confirmed = True
        db.session.add(self)
@ -344,7 +344,7 @@ class User(HashidMixin, UserMixin, db.Model):
            'iat': utc_now,
            'iss': current_app.config['SERVER_NAME'],
            'purpose': 'confirm_user',
-            'sub': self.id
+            'sub': self.hashid
        }
        return jwt.encode(payload, current_app.config['SECRET_KEY'], algorithm='HS256')

@ -355,7 +355,7 @@ class User(HashidMixin, UserMixin, db.Model):
            'iat': utc_now,
            'iss': current_app.config['SERVER_NAME'],
            'purpose': 'reset_password',
-            'sub': self.id
+            'sub': self.hashid
        }
        return jwt.encode(payload, current_app.config['SECRET_KEY'], algorithm='HS256')

@ -452,9 +452,10 @@ class User(HashidMixin, UserMixin, db.Model):
            return False
        if payload.get('purpose') != 'reset_password':
            return False
-        user_id = payload.get('sub')
-        if user_id is None:
+        user_hashid = payload.get('sub')
+        if user_hashid is None:
            return False
+        user_id = hashids.decode(user_hashid)
        user = User.query.get(user_id)
        if user is None:
            return False