Change session token generation mecanism.
This commit is contained in:
parent
3927f7e398
commit
24ed36cc1b
@ -16,7 +16,7 @@
|
||||
"""
|
||||
# vim: set tw=80 ts=4 sw=4 sts=4:
|
||||
from passlib.hash import sha256_crypt as crypt
|
||||
from itsdangerous import (TimedJSONWebSignatureSerializer as Serializer,
|
||||
from itsdangerous import (URLSafeTimedSerializer as Serializer,
|
||||
BadSignature, SignatureExpired)
|
||||
|
||||
from flask import current_app as app
|
||||
@ -47,8 +47,9 @@ class User(UserMixin, db.Model):
|
||||
def verify_password(self, password):
|
||||
return crypt.verify(password, self.password)
|
||||
|
||||
def generate_auth_token(self, expiration=600):
|
||||
serializer = Serializer(app.config['SECRET_KEY'], expires_in=expiration)
|
||||
def generate_auth_token(self):
|
||||
serializer = Serializer(app.secret_key)
|
||||
|
||||
return serializer.dumps({'id': self.id})
|
||||
|
||||
@classmethod
|
||||
@ -56,7 +57,7 @@ class User(UserMixin, db.Model):
|
||||
serializer = Serializer(app.config['SECRET_KEY'])
|
||||
|
||||
try:
|
||||
data = serializer.loads(token)
|
||||
data = serializer.loads(token, max_age=app.config["SESSION_TTL"])
|
||||
except SignatureExpired:
|
||||
return None
|
||||
except BadSignature:
|
||||
|
Loading…
Reference in New Issue
Block a user