From 7d6aab9a296a1c37bf48b4d802716b0971c32f21 Mon Sep 17 00:00:00 2001
From: Luna
Date: Tue, 4 Dec 2018 02:21:49 -0300
Subject: [PATCH] litecord.auth: use TimestampSigner

this fixes all tokens being the same.
---
 litecord/auth.py | 4 ++--
 litecord/blueprints/auth.py | 2 +-
 litecord/pubsub/lazy_guild.py | 2 --
 3 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/litecord/auth.py b/litecord/auth.py
index d9cd1e0..f631345 100644
--- a/litecord/auth.py
+++ b/litecord/auth.py
@@ -4,7 +4,7 @@ from random import randint import bcrypt from asyncpg import UniqueViolationError -from itsdangerous import Signer, BadSignature +from itsdangerous import TimestampSigner, BadSignature from logbook import Logger from quart import request, current_app as app
@@ -38,7 +38,7 @@ async def raw_token_check(token, db=None): if not pwd_hash: raise Unauthorized('User ID not found') - signer = Signer(pwd_hash) + signer = TimestampSigner(pwd_hash) try: signer.unsign(token)
diff --git a/litecord/blueprints/auth.py b/litecord/blueprints/auth.py
index 9327f29..6902d5b 100644
--- a/litecord/blueprints/auth.py
+++ b/litecord/blueprints/auth.py
@@ -24,7 +24,7 @@ async def check_password(pwd_hash: str, given_password: str) -> bool: def make_token(user_id, user_pwd_hash) -> str: """Generate a single token for a user.""" - signer = itsdangerous.Signer(user_pwd_hash) + signer = itsdangerous.TimestampSigner(user_pwd_hash) user_id = base64.b64encode(str(user_id).encode()) return signer.sign(user_id).decode()
diff --git a/litecord/pubsub/lazy_guild.py b/litecord/pubsub/lazy_guild.py
index cc0bf5c..ef7c65e 100644
--- a/litecord/pubsub/lazy_guild.py
+++ b/litecord/pubsub/lazy_guild.py
@@ -280,8 +280,6 @@ class GuildMemberList: # list of strings holding the hash input ovs_i = [] - print(self.list.overwrites) - for actor_id, overwrite in self.list.overwrites.items(): allow, deny = ( Permissions(overwrite['allow']),
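Review bot: `signer.unsign(token)` in `raw_token_check` (litecord/auth.py) never checks the timestamp that `TimestampSigner` now embeds, so a token stays valid for as long as the user's password hash is unchanged. If tokens are meant to expire, pass an age limit, e.g. `signer.unsign(token, max_age=<token lifetime in seconds>)`; an expired token raises `SignatureExpired`, which is a subclass of `BadSignature`. Tokens issued by the old `Signer` carry no timestamp segment and will presumably be rejected here, which logs out every existing session on deploy and is worth stating in the commit message. The function's body starts and ends outside the hunk, so the `except` branch is not visible.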
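Review bot: `make_token` (litecord/blueprints/auth.py) still returns byte-identical tokens when it is called twice for the same user within one second, because the only varying input `TimestampSigner` adds is a whole-second timestamp. If each login must get a distinct token (for instance to tell sessions apart or revoke one of them), a random value from `secrets` would have to be part of the signed payload; how `raw_token_check` extracts the user ID is not visible here, so confirm the parser tolerates an extra field first. The docstring should also record the new layout, e.g. `"""Generate a token of the form base64(user_id).timestamp.signature, keyed with the user's password hash."""`.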