summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--fbin/api.py3
-rwxr-xr-xfbin/fbin.py8
-rw-r--r--fbin/login.py9
3 files changed, 13 insertions, 7 deletions
diff --git a/fbin/api.py b/fbin/api.py
index 5659b3a..dc7e1f8 100644
--- a/fbin/api.py
+++ b/fbin/api.py
@@ -31,7 +31,8 @@ def authenticate():
if scheme != 'Bearer':
abort(400)
try:
- token = jwt.decode(token, current_app.config['SECRET_KEY'], issuer=request.url_root)
+ token = jwt.decode(token, current_app.config['SECRET_KEY'], issuer=request.url_root,
+ algorithms=[current_app.config['API_JWT_ALGORITHM']])
except jwt.InvalidTokenError:
abort(403)
try:
diff --git a/fbin/fbin.py b/fbin/fbin.py
index b062c9a..d0a5a9a 100755
--- a/fbin/fbin.py
+++ b/fbin/fbin.py
@@ -253,9 +253,11 @@ def auth():
return redirect(url_for('.index'))
try:
jwt.decode(token['access_token'], key=current_app.config['JWT_PUBLIC_KEY'],
- audience=current_app.config['OAUTH_CLIENT_ID'])
+ audience=current_app.config['OAUTH_CLIENT_ID'],
+ algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']])
jwt.decode(token['refresh_token'], key=current_app.config['JWT_PUBLIC_KEY'],
- audience=current_app.config['OAUTH_CLIENT_ID'])
+ audience=current_app.config['OAUTH_CLIENT_ID'],
+ algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']])
except jwt.InvalidTokenError as e:
flash('Failed to verify token: {!s}'.format(e), 'error')
return redirect(url_for('.index'))
@@ -414,7 +416,7 @@ def generate_api_key():
'nbf': now,
'sub': user_id,
}
- token = jwt.encode(data, current_app.config['SECRET_KEY'])
+ token = jwt.encode(data, current_app.config['SECRET_KEY'], algorithm=current_app.config['API_JWT_ALGORITHM'])
return token
diff --git a/fbin/login.py b/fbin/login.py
index 00f969d..b4b62d0 100644
--- a/fbin/login.py
+++ b/fbin/login.py
@@ -35,9 +35,11 @@ class BinUser:
return
try:
jwt.decode(token['access_token'], key=current_app.config['JWT_PUBLIC_KEY'],
- audience=current_app.config['OAUTH_CLIENT_ID'])
+ audience=current_app.config['OAUTH_CLIENT_ID'],
+ algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']])
jwt.decode(token['refresh_token'], key=current_app.config['JWT_PUBLIC_KEY'],
- audience=current_app.config['OAUTH_CLIENT_ID'])
+ audience=current_app.config['OAUTH_CLIENT_ID'],
+ algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']])
except jwt.InvalidTokenError:
traceback.print_exc()
flash('Failed to refresh authentication token (verification failed)', 'error')
@@ -57,7 +59,8 @@ class BinUser:
return True
try:
self.token = jwt.decode(self.user_session.access_token, key=current_app.config['JWT_PUBLIC_KEY'],
- audience=current_app.config['OAUTH_CLIENT_ID'])
+ audience=current_app.config['OAUTH_CLIENT_ID'],
+ algorithms=[current_app.config['OAUTH_JWT_ALGORITHM']])
except jwt.ExpiredSignatureError:
try:
if not self.refresh_access_token():