skorotkiewicz/rDrama
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix: Redirect loop on formkey or nonce mismatch.

Browse source 
* fix 401-302-401-302-429 loop

* don't logout users on bad form key, just treat the request as unauthenticated

* Handle None/empty case in validate_formkey.

A supplied empty formkey, or the lack of a supplied formkey (None) is not a valid formkey. Handle this inside the function rather than at the call-site.

* Validate as false if no hashstr or string

Co-authored-by: Snakes <104547575+TLSM@users.noreply.github.com>
This commit is contained in:
justcool393 2022-12-17 09:20:27 -08:00 committed by GitHub
parent a213396854
commit 1ae3dc85c2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

2
files/helpers/security.py
View file

@ -13,7 +13,7 @@ def generate_hash(string):
def validate_hash(string, hashstr):
if not string or not hashstr: return False
return hmac.compare_digest(hashstr, generate_hash(string))