Change session token generation mecanism.
parent
3927f7e398
commit
24ed36cc1b
@ -16,7 +16,7 @@
|
|||||||
"""
|
"""
|
||||||
# vim: set tw=80 ts=4 sw=4 sts=4:
|
# vim: set tw=80 ts=4 sw=4 sts=4:
|
||||||
from passlib.hash import sha256_crypt as crypt
|
from passlib.hash import sha256_crypt as crypt
|
||||||
from itsdangerous import (TimedJSONWebSignatureSerializer as Serializer,
|
from itsdangerous import (URLSafeTimedSerializer as Serializer,
|
||||||
BadSignature, SignatureExpired)
|
BadSignature, SignatureExpired)
|
||||||
|
|
||||||
from flask import current_app as app
|
from flask import current_app as app
|
||||||
@ -47,8 +47,9 @@ class User(UserMixin, db.Model):
|
|||||||
def verify_password(self, password):
|
def verify_password(self, password):
|
||||||
return crypt.verify(password, self.password)
|
return crypt.verify(password, self.password)
|
||||||
|
|
||||||
def generate_auth_token(self, expiration=600):
|
def generate_auth_token(self):
|
||||||
serializer = Serializer(app.config['SECRET_KEY'], expires_in=expiration)
|
serializer = Serializer(app.secret_key)
|
||||||
|
|
||||||
return serializer.dumps({'id': self.id})
|
return serializer.dumps({'id': self.id})
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
@ -56,7 +57,7 @@ class User(UserMixin, db.Model):
|
|||||||
serializer = Serializer(app.config['SECRET_KEY'])
|
serializer = Serializer(app.config['SECRET_KEY'])
|
||||||
|
|
||||||
try:
|
try:
|
||||||
data = serializer.loads(token)
|
data = serializer.loads(token, max_age=app.config["SESSION_TTL"])
|
||||||
except SignatureExpired:
|
except SignatureExpired:
|
||||||
return None
|
return None
|
||||||
except BadSignature:
|
except BadSignature:
|
||||||
|
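Review bot: The new `serializer.loads(token, max_age=app.config["SESSION_TTL"])` in the third hunk makes token expiry depend entirely on a config key that no visible hunk defines: a missing key raises `KeyError` on every verification, and a value of `None` makes itsdangerous skip the age check, so tokens would never expire. Reading it with a bounded fallback, e.g. `max_age=app.config.get("SESSION_TTL") or 600` (600 being the old `expiration` default), keeps verification fail-closed. Both `Serializer(...)` calls also rely on the default salt, so any other value signed with the same `SECRET_KEY` by a default-salt itsdangerous serializer would pass the signature check here; passing the same `salt="auth-token"` (constructed example) on both sides namespaces these tokens. The generating side now reads `app.secret_key` while the verifying side still reads `app.config['SECRET_KEY']`; in Flask these should resolve to the same value, but one spelling on both sides avoids drift. The verifying classmethod starts and ends outside the hunk, so its name and its handling of `BadSignature` are not visible here.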