forked from rDrama/rDrama
use more secure token_urlsafe
parent
7823df8f0c
commit
ed322add97
|
@ -1890,7 +1890,7 @@ def delete_media_post(v):
|
|||
@admin_level_required(PERMS['USER_RESET_PASSWORD'])
|
||||
def admin_reset_password(user_id, v):
|
||||
user = get_account(user_id)
|
||||
new_password = secrets.token_hex(31)
|
||||
new_password = secrets.token_urlsafe(57)
|
||||
user.passhash = hash_password(new_password)
|
||||
g.db.add(user)
|
||||
|
||||
|
|
|
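Review bot: `secrets.token_urlsafe(57)` on the changed line of admin_reset_password returns about 76 characters, because the argument counts random bytes rather than output characters. hash_password is not visible in this hunk; if it is bcrypt-backed, input beyond 72 bytes is silently truncated or rejected depending on the library, so the extra length adds nothing and could cause errors. The previous `token_hex(31)` already carried 248 bits, so `new_password = secrets.token_urlsafe(32)` would keep ample strength while staying under that limit. The function body continues past the hunk, so how the plaintext password is handed to the admin cannot be reviewed here.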
@ -172,7 +172,7 @@ def sign_up_get(v:Optional[User]):
|
|||
return render_template("login/sign_up_failed_ref.html"), 403
|
||||
|
||||
now = int(time.time())
|
||||
token = secrets.token_hex(16)
|
||||
token = secrets.token_urlsafe(32)
|
||||
session["signup_token"] = token
|
||||
|
||||
formkey_hashstr = str(now) + token + g.agent
|
||||
|
@ -234,7 +234,7 @@ def sign_up_post(v:Optional[User]):
|
|||
ref_user = None
|
||||
|
||||
now = int(time.time())
|
||||
token = secrets.token_hex(16)
|
||||
token = secrets.token_urlsafe(32)
|
||||
session["signup_token"] = token
|
||||
formkey_hashstr = str(now) + token + g.agent
|
||||
formkey = hmac.new(key=bytes(SECRET_KEY, "utf-16"),
|
||||
|
|
|
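Review bot: The call `secrets.token_urlsafe(32)` is repeated in sign_up_get and sign_up_post with nothing stating that 32 is a byte count, so the token is now 43 characters carrying 256 bits where `token_hex(16)` carried 128. Both sites feed `session["signup_token"]` and the delimiter-free `str(now) + token + g.agent` string, where a fixed token length keeps the HMAC input unambiguous. A shared constant such as `SIGNUP_TOKEN_BYTES = 32` with the comment `# bytes of entropy; token_urlsafe yields ~1.3 chars per byte` would stop the two sites drifting apart. The strength gain comes from doubling the byte count, not from the URL-safe encoding, which the commit title does not make clear. Both function bodies extend beyond the hunks shown.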
@ -39,7 +39,7 @@ def calc_users():
|
|||
|
||||
if not session.get("session_id"):
|
||||
session.permanent = True
|
||||
session["session_id"] = secrets.token_hex(49)
|
||||
session["session_id"] = secrets.token_urlsafe(98)
|
||||
|
||||
if v:
|
||||
if session["session_id"] in loggedout: del loggedout[session["session_id"]]
|
||||
|
|
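Review bot: `session["session_id"] = secrets.token_urlsafe(98)` in calc_users yields an identifier of about 131 characters, not 98, because the argument is the number of random bytes; the old `token_hex(49)` produced 98 characters. That is 784 bits, far more than an unguessable session identifier needs, and the longer value is carried in the session and used as a key in `loggedout`. `secrets.token_urlsafe(32)` would be sufficient, with a comment such as `# 32 random bytes (256 bits), ~43 chars`. Sessions created before this change presumably keep their hex identifiers, so anything that validates the identifier's format or length should accept both forms. The rest of calc_users lies outside the hunk.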