oauth: never use base64 padding when returning tokens to applications
The normal Base64 alphabet uses the equals sign (=) as a padding character. Since Base64 strings are self-synchronizing, padding characters are unnecessary, so don't generate them in the first place.
This commit is contained in:
parent
1ef4741861
commit
e9ef4b8da6
4 changed files with 12 additions and 6 deletions
|
@ -25,8 +25,14 @@ defmodule Pleroma.Web.OAuth.App do
|
|||
|
||||
if changeset.valid? do
|
||||
changeset
|
||||
|> put_change(:client_id, :crypto.strong_rand_bytes(32) |> Base.url_encode64())
|
||||
|> put_change(:client_secret, :crypto.strong_rand_bytes(32) |> Base.url_encode64())
|
||||
|> put_change(
|
||||
:client_id,
|
||||
:crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
|
||||
)
|
||||
|> put_change(
|
||||
:client_secret,
|
||||
:crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
|
||||
)
|
||||
else
|
||||
changeset
|
||||
end
|
||||
|
|
|
@ -24,7 +24,7 @@ defmodule Pleroma.Web.OAuth.Authorization do
|
|||
end
|
||||
|
||||
def create_authorization(%App{} = app, %User{} = user) do
|
||||
token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()
|
||||
token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
|
||||
|
||||
authorization = %Authorization{
|
||||
token: token,
|
||||
|
|
|
@ -173,7 +173,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
|
|||
token
|
||||
|> URI.decode()
|
||||
|> Base.url_decode64!(padding: false)
|
||||
|> Base.url_encode64()
|
||||
|> Base.url_encode64(padding: false)
|
||||
end
|
||||
|
||||
defp get_app_from_request(conn, params) do
|
||||
|
|
|
@ -31,8 +31,8 @@ defmodule Pleroma.Web.OAuth.Token do
|
|||
end
|
||||
|
||||
def create_token(%App{} = app, %User{} = user) do
|
||||
token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()
|
||||
refresh_token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()
|
||||
token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
|
||||
refresh_token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
|
||||
|
||||
token = %Token{
|
||||
token: token,
|
||||
|
|
Loading…
Reference in a new issue