Change session token generation mecanism.

This commit is contained in:
Alexis Lahouze 2016-01-13 12:50:57 +01:00
parent 3927f7e398
commit 24ed36cc1b

View File

@ -16,7 +16,7 @@
"""
# vim: set tw=80 ts=4 sw=4 sts=4:
from passlib.hash import sha256_crypt as crypt
from itsdangerous import (TimedJSONWebSignatureSerializer as Serializer,
from itsdangerous import (URLSafeTimedSerializer as Serializer,
BadSignature, SignatureExpired)
from flask import current_app as app
@ -47,8 +47,9 @@ class User(UserMixin, db.Model):
def verify_password(self, password):
return crypt.verify(password, self.password)
def generate_auth_token(self, expiration=600):
serializer = Serializer(app.config['SECRET_KEY'], expires_in=expiration)
def generate_auth_token(self):
serializer = Serializer(app.secret_key)
return serializer.dumps({'id': self.id})
@classmethod
@ -56,7 +57,7 @@ class User(UserMixin, db.Model):
serializer = Serializer(app.config['SECRET_KEY'])
try:
data = serializer.loads(token)
data = serializer.loads(token, max_age=app.config["SESSION_TTL"])
except SignatureExpired:
return None
except BadSignature: