From 7275a0b8c4a72c9d0a20b2933a8c4a57ec627d71 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Fri, 21 Jan 2022 12:44:12 +0200 Subject: [PATCH] fds --- files/routes/login.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/files/routes/login.py b/files/routes/login.py index c263cb600..0aa7d5195 100644 --- a/files/routes/login.py +++ b/files/routes/login.py @@ -396,6 +396,8 @@ def get_reset(): user = g.db.query(User).filter_by(id=user_id).one_or_none() + if not user: abort(400) + if not validate_hash(f"{user_id}+{timestamp}+forgot+{user.login_nonce}", token): abort(400)