Replaced random.random() with secrets.randbits() in the make_response_header method of the DigestAuth class.

依瑪貓 2022-11-29 19:13:50 +08:00
parent 0f3694ba05
commit f3b525d715


@ -24,8 +24,7 @@ from __future__ import annotations
import sys
import typing as t
from functools import wraps
from random import random
from secrets import token_urlsafe
from secrets import token_urlsafe, randbits
from flask import g, request, Response, session, abort, Flask, Request
from itsdangerous import URLSafeTimedSerializer, BadData
@ -206,9 +205,10 @@ class DigestAuth:
"""
opaque: t.Optional[str] = None if not self.use_opaque else \
(state.opaque if state.opaque is not None
else self.serializer.dumps(random(), salt="opaque"))
else self.serializer.dumps(randbits(32), salt="opaque"))
nonce: str = self.serializer.dumps(
random(), salt="nonce" if opaque is None else f"nonce-{opaque}")
randbits(32),
salt="nonce" if opaque is None else f"nonce-{opaque}")
header: str = f"Digest realm=\"{self.realm}\""
if len(self.domain) > 0:
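Review bot: `randbits(32)` in the two `self.serializer.dumps(...)` calls gives the opaque and nonce payloads only 32 bits of randomness, so while the source is now a CSPRNG, the value space is smaller than that of the `random()` float it replaces. The serializer signs the payload, so the concern is uniqueness rather than forgery: if any code outside this hunk relies on nonces being distinct (replay tracking, nonce-count bookkeeping), repeats become plausible well before 2^32 challenges. I would widen both calls, e.g. `self.serializer.dumps(randbits(128), salt="opaque")` and `randbits(128),` for the nonce, or reuse the already-imported `token_urlsafe(16)` and drop the new `randbits` import. The body of `make_response_header` continues past the end of this hunk, so how the nonce is later validated is not visible here.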