Change session token generation mechanism.

Alexis Lahouze 2016-01-13 12:50:57 +01:00
parent 3927f7e398
commit 24ed36cc1b


@ -16,7 +16,7 @@
""" """
# vim: set tw=80 ts=4 sw=4 sts=4: # vim: set tw=80 ts=4 sw=4 sts=4:
from passlib.hash import sha256_crypt as crypt from passlib.hash import sha256_crypt as crypt
from itsdangerous import (TimedJSONWebSignatureSerializer as Serializer, from itsdangerous import (URLSafeTimedSerializer as Serializer,
BadSignature, SignatureExpired) BadSignature, SignatureExpired)
from flask import current_app as app from flask import current_app as app
@ -47,8 +47,9 @@ class User(UserMixin, db.Model):
def verify_password(self, password): def verify_password(self, password):
return crypt.verify(password, self.password) return crypt.verify(password, self.password)
def generate_auth_token(self, expiration=600): def generate_auth_token(self):
serializer = Serializer(app.config['SECRET_KEY'], expires_in=expiration) serializer = Serializer(app.secret_key)
return serializer.dumps({'id': self.id}) return serializer.dumps({'id': self.id})
@classmethod @classmethod
@ -56,7 +57,7 @@ class User(UserMixin, db.Model):
serializer = Serializer(app.config['SECRET_KEY']) serializer = Serializer(app.config['SECRET_KEY'])
try: try:
data = serializer.loads(token) data = serializer.loads(token, max_age=app.config["SESSION_TTL"])
except SignatureExpired: except SignatureExpired:
return None return None
except BadSignature: except BadSignature:
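Review bot: The new serializer in generate_auth_token is built from the application secret alone, with no `salt`, so these auth tokens share itsdangerous's default signing namespace with anything else the app signs using the same key and serializer class. Passing the same explicit salt on both sides would separate them, e.g. `Serializer(app.secret_key, salt='auth-token')` here and the matching argument in the verifying classmethod. On the verify side, `app.config["SESSION_TTL"]` is a plain subscript, so a deployment that never sets the key would raise KeyError on every token check; `max_age=app.config.get("SESSION_TTL", 600)` keeps the previous 600-second lifetime as a fallback. The two methods also spell the key differently (`app.secret_key` versus `app.config['SECRET_KEY']`), and using one form in both makes it obvious they sign and verify with the same secret. The verifying method's signature and its final lines are outside the visible hunk.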