Replaced random.random() with secrets.randbits() in the make_response_header method of the DigestAuth class.

依瑪貓 2022-11-29 19:13:50 +08:00
parent 0f3694ba05
commit f3b525d715


@ -24,8 +24,7 @@ from __future__ import annotations
import sys import sys
import typing as t import typing as t
from functools import wraps from functools import wraps
from random import random from secrets import token_urlsafe, randbits
from secrets import token_urlsafe
from flask import g, request, Response, session, abort, Flask, Request from flask import g, request, Response, session, abort, Flask, Request
from itsdangerous import URLSafeTimedSerializer, BadData from itsdangerous import URLSafeTimedSerializer, BadData
@ -206,9 +205,10 @@ class DigestAuth:
""" """
opaque: t.Optional[str] = None if not self.use_opaque else \ opaque: t.Optional[str] = None if not self.use_opaque else \
(state.opaque if state.opaque is not None (state.opaque if state.opaque is not None
else self.serializer.dumps(random(), salt="opaque")) else self.serializer.dumps(randbits(32), salt="opaque"))
nonce: str = self.serializer.dumps( nonce: str = self.serializer.dumps(
random(), salt="nonce" if opaque is None else f"nonce-{opaque}") randbits(32),
salt="nonce" if opaque is None else f"nonce-{opaque}")
header: str = f"Digest realm=\"{self.realm}\"" header: str = f"Digest realm=\"{self.realm}\""
if len(self.domain) > 0: if len(self.domain) > 0:
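Review bot: `randbits(32)` in the two `self.serializer.dumps(...)` calls gives the opaque and nonce payloads only 32 bits of randomness, which is thin for values that are meant to be unique per challenge. If the serializer is the `URLSafeTimedSerializer` imported at the top of the file, the signature already prevents forgery, so the concern is repeats: two challenges issued in the same timestamp tick with the same 32-bit value would presumably serialize to the same nonce, and a birthday collision becomes likely after about 2^16 of them, which would undermine any replay or nonce-count tracking keyed on the nonce. I would widen both draws, e.g. `self.serializer.dumps(randbits(128), salt="opaque")`, or use the already imported `token_urlsafe(32)` if the verifying side does not depend on the payload being an integer. A short comment such as `# Random payload only makes the signed value unique; integrity comes from the serializer signature` would also record why a random number is serialized here. The body of `make_response_header` starts and ends outside this hunk, so the verification path is not visible here.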