oauth: never use base64 padding when returning tokens to applications
The normal Base64 alphabet uses the equals sign (=) as a padding character. Since Base64 strings are self-synchronizing, padding characters are unnecessary, so don't generate them in the first place.
This commit is contained in:
parent
1ef4741861
commit
e9ef4b8da6
4 changed files with 12 additions and 6 deletions
|
@ -25,8 +25,14 @@ defmodule Pleroma.Web.OAuth.App do
|
||||||
|
|
||||||
if changeset.valid? do
|
if changeset.valid? do
|
||||||
changeset
|
changeset
|
||||||
|> put_change(:client_id, :crypto.strong_rand_bytes(32) |> Base.url_encode64())
|
|> put_change(
|
||||||
|> put_change(:client_secret, :crypto.strong_rand_bytes(32) |> Base.url_encode64())
|
:client_id,
|
||||||
|
:crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
|
||||||
|
)
|
||||||
|
|> put_change(
|
||||||
|
:client_secret,
|
||||||
|
:crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
|
||||||
|
)
|
||||||
else
|
else
|
||||||
changeset
|
changeset
|
||||||
end
|
end
|
||||||
|
|
|
@ -24,7 +24,7 @@ defmodule Pleroma.Web.OAuth.Authorization do
|
||||||
end
|
end
|
||||||
|
|
||||||
def create_authorization(%App{} = app, %User{} = user) do
|
def create_authorization(%App{} = app, %User{} = user) do
|
||||||
token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()
|
token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
|
||||||
|
|
||||||
authorization = %Authorization{
|
authorization = %Authorization{
|
||||||
token: token,
|
token: token,
|
||||||
|
|
|
@ -173,7 +173,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
|
||||||
token
|
token
|
||||||
|> URI.decode()
|
|> URI.decode()
|
||||||
|> Base.url_decode64!(padding: false)
|
|> Base.url_decode64!(padding: false)
|
||||||
|> Base.url_encode64()
|
|> Base.url_encode64(padding: false)
|
||||||
end
|
end
|
||||||
|
|
||||||
defp get_app_from_request(conn, params) do
|
defp get_app_from_request(conn, params) do
|
||||||
|
|
|
@ -31,8 +31,8 @@ defmodule Pleroma.Web.OAuth.Token do
|
||||||
end
|
end
|
||||||
|
|
||||||
def create_token(%App{} = app, %User{} = user) do
|
def create_token(%App{} = app, %User{} = user) do
|
||||||
token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()
|
token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
|
||||||
refresh_token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()
|
refresh_token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
|
||||||
|
|
||||||
token = %Token{
|
token = %Token{
|
||||||
token: token,
|
token: token,
|
||||||
|
|
Loading…
Reference in a new issue