almet/ihatemoney
1
0
Fork 0
mirror of https://github.com/spiral-project/ihatemoney.git synced 2025-05-05 20:51:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

be sure that project_id was not modified by verify_token

Browse source
This commit is contained in:
Glandos 2021-07-25 23:45:18 +02:00
parent 0ff0b03945
commit 0a33007adf
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
ihatemoney/web.py
View file

@ -206,10 +206,13 @@ def authenticate(project_id=None):
# Try to get project_id from token first # Try to get project_id from token first
token = request.args.get("token") token = request.args.get("token")
if token: if token:
project_id = Project.verify_token( verified_project_id = Project.verify_token(
token, token_type="auth", project_id=project_id token, token_type="auth", project_id=project_id
) )
token_auth = True if verified_project_id == project_id:
token_auth = True
else:
project_id = None
else: else:
token_auth = False token_auth = False
if project_id is None: if project_id is None: