Address CL concerns and switch to a real encryption system
This commit is contained in:
Joseph Schorr
parent
d23bb6616d
commit
aaf1b23e98
6 changed files with 124 additions and 37 deletions
|
|
@ -5,7 +5,6 @@ from random import SystemRandom
|
|||
from flask import request
|
||||
from flask.ext.login import logout_user
|
||||
from flask.ext.principal import identity_changed, AnonymousIdentity
|
||||
from flask.sessions import SecureCookieSessionInterface
|
||||
from peewee import IntegrityError
|
||||
|
||||
from app import app, billing as stripe, authentication, avatar
|
||||
|
|
@ -370,15 +369,8 @@ class ClientKey(ApiResource):
|
|||
if not result:
|
||||
raise request_error(message=error_message)
|
||||
|
||||
ser = SecureCookieSessionInterface().get_signing_serializer(app)
|
||||
data_to_sign = {
|
||||
'password': password,
|
||||
'nonce': SystemRandom().randint(0, 10000000000)
|
||||
}
|
||||
|
||||
encrypted = ser.dumps(data_to_sign)
|
||||
return {
|
||||
'key': encrypted
|
||||
'key': authentication.encrypt_user_password(password)
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Reference in a new issue