Commit 7acb3b40 authored by Patrick Jentsch's avatar Patrick Jentsch

use hashids in jwt

parent 1f3ca966
from app import db, login, mail, socketio
from app import db, hashids, login, mail, socketio
from app.converters.vrt import normalize_vrt_file
from app.email import create_message
from datetime import datetime, timedelta
......@@ -327,7 +327,7 @@ class User(HashidMixin, UserMixin, db.Model):
return False
if payload.get('purpose') != 'confirm_user':
return False
if payload.get('sub') != self.id:
if payload.get('sub') != self.hashid:
return False
self.confirmed = True
db.session.add(self)
......@@ -344,7 +344,7 @@ class User(HashidMixin, UserMixin, db.Model):
'iat': utc_now,
'iss': current_app.config['SERVER_NAME'],
'purpose': 'confirm_user',
'sub': self.id
'sub': self.hashid
}
return jwt.encode(payload, current_app.config['SECRET_KEY'], algorithm='HS256')
......@@ -355,7 +355,7 @@ class User(HashidMixin, UserMixin, db.Model):
'iat': utc_now,
'iss': current_app.config['SERVER_NAME'],
'purpose': 'reset_password',
'sub': self.id
'sub': self.hashid
}
return jwt.encode(payload, current_app.config['SECRET_KEY'], algorithm='HS256')
......@@ -452,9 +452,10 @@ class User(HashidMixin, UserMixin, db.Model):
return False
if payload.get('purpose') != 'reset_password':
return False
user_id = payload.get('sub')
if user_id is None:
user_hashid = payload.get('sub')
if user_hashid is None:
return False
user_id = hashids.decode(user_hashid)
user = User.query.get(user_id)
if user is None:
return False
......
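Review bot: In the last hunk (reset-password verification), the result of `hashids.decode(user_hashid)` is passed to `User.query.get(user_id)` unchecked. The `hashids` object imported from `app` is not visible here, so its return type is an assumption, but Hashids-style decoders commonly return an empty value or a tuple for input they cannot decode, and `sub` will not even be a string for tokens issued before this commit, which carried the integer id. I would reject those cases explicitly, e.g. `if not isinstance(user_hashid, str): return False` before decoding and `if user_id is None or user_id == (): return False` after it, so a stale or malformed token yields `False` rather than an exception from the decoder or the query. The same rollout effect applies to the first hunk, where `payload.get('sub') != self.hashid` now fails for every confirmation token already sent. The enclosing methods start and end outside the hunks.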