Increase entropy of tokens used for authentication

remotes/origin/release/3.1.1
Miguel Gonzalez 2018-01-16 20:11:04 +01:00
parent ae558ad471
commit 5fbcbfb68c
1 changed files with 2 additions and 2 deletions


@ -134,7 +134,7 @@ class UsersViewSet(ModelCrudViewSet):
raise exc.WrongArguments(_("Not valid email")) raise exc.WrongArguments(_("Not valid email"))
# We need to generate a token for the email # We need to generate a token for the email
request.user.email_token = str(uuid.uuid1()) request.user.email_token = str(uuid.uuid4())
request.user.new_email = new_email request.user.new_email = new_email
request.user.save(update_fields=["email_token", "new_email"]) request.user.save(update_fields=["email_token", "new_email"])
email = mail_builder.change_email( email = mail_builder.change_email(
@ -172,7 +172,7 @@ class UsersViewSet(ModelCrudViewSet):
raise exc.WrongArguments(_("Invalid username or email")) raise exc.WrongArguments(_("Invalid username or email"))
user = get_user_by_username_or_email(username_or_email) user = get_user_by_username_or_email(username_or_email)
user.token = str(uuid.uuid1()) user.token = str(uuid.uuid4())
user.save(update_fields=["token"]) user.save(update_fields=["token"])
email = mail_builder.password_recovery(user, {"user": user}) email = mail_builder.password_recovery(user, {"user": user})
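Review bot: Values already stored in `email_token` and `token` before this change came from `uuid.uuid1()`, which is built from a timestamp and node identifier, and they stay valid afterwards: the commit touches one file and shows no step that clears them, so a data migration that nulls outstanding values of both fields would close that window. On the two changed lines, `str(uuid.uuid4())` draws from `os.urandom` in CPython, but a generator meant for secrets states the intent more directly, e.g. `user.token = secrets.token_urlsafe(32)`, provided the supported Python versions include `secrets` and the column length allows the longer value. Neither hunk shows expiry or single-use handling for these tokens; both enclosing methods start and end outside the visible lines, so that handling may exist elsewhere and is worth confirming.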