MirrorMirror
/
funkwhale
mirror of https://dev.funkwhale.audio/funkwhale/funkwhale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

More secure tokens

This commit is contained in:
Agate 2020-08-19 19:50:56 +02:00
parent f2e5969c44
commit 30f6a77e68
2 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
api/funkwhale_api/users/models.py
View File

@ -1,9 +1,7 @@
# -*- coding: utf-8 -*-
from __future__ import absolute_import, unicode_literals
import binascii
import datetime
import os
import random
import string
import uuid
@ -31,8 +29,9 @@ from funkwhale_api.federation import models as federation_models
from funkwhale_api.federation import utils as federation_utils
def get_token(length=15):
return binascii.b2a_hex(os.urandom(length)).decode("utf-8")
def get_token(length=30):
choices = string.ascii_lowercase + string.ascii_uppercase + "0123456789"
return "".join(random.choice(choices) for i in range(length))
PERMISSIONS_CONFIGURATION = {

2
api/funkwhale_api/users/oauth/views.py
View File

@ -93,7 +93,7 @@ class ApplicationViewSet(
app = self.get_object()
if not app.user_id or request.user != app.user:
return response.Response(status=404)
app.token = models.get_token(15)
app.token = models.get_token()
app.save(update_fields=["token"])
serializer = serializers.CreateApplicationSerializer(app)
return response.Response(serializer.data, status=200)