velvox
/
litecord
mirror of https://gitlab.com/litecord/litecord.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix not comparing admin token to passed token

This commit is contained in:
Bluenix 2022-10-19 23:13:44 +02:00
parent 210f1ab1d5
commit 83179f21ab
No known key found for this signature in database
GPG Key ID: 1C1ED07E6FC8AA48
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
litecord/auth.py
View File

@ -19,6 +19,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
import base64 import base64
import binascii import binascii
from hmac import compare_digest
import bcrypt import bcrypt
from itsdangerous import TimestampSigner, BadSignature from itsdangerous import TimestampSigner, BadSignature
@ -47,7 +48,9 @@ async def raw_token_check(token: str, db=None) -> int:
Forbidden Forbidden
If token validation fails. If token validation fails.
""" """
if app.config["ADMIN_TOKEN"] is not None: if app.config["ADMIN_TOKEN"] is not None and compare_digest(
token, app.config["ADMIN_TOKEN"]
):
return app.config["ADMIN_ID"] return app.config["ADMIN_ID"]
db = db or app.db db = db or app.db