
oauth: never use base64 padding when returning tokens to applications

The normal Base64 alphabet uses the equals sign (=) as a padding character.  Since
Base64 strings are self-synchronizing, padding characters are unnecessary, so don't
generate them in the first place.
tags/v1.1.4
William Pitcock 5 years ago
parent
commit
e9ef4b8da6
4 changed files with 12 additions and 6 deletions
  1. +8
    -2
      lib/pleroma/web/oauth/app.ex
  2. +1
    -1
      lib/pleroma/web/oauth/authorization.ex
  3. +1
    -1
      lib/pleroma/web/oauth/oauth_controller.ex
  4. +2
    -2
      lib/pleroma/web/oauth/token.ex

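--- a/lib/pleroma/web/oauth/app.ex
+++ b/lib/pleroma/web/oauth/app.ex
@@ -25,8 +25,14 @@ defmodule Pleroma.Web.OAuth.App do
 
 if changeset.valid? do
 changeset
-|> put_change(:client_id, :crypto.strong_rand_bytes(32) |> Base.url_encode64())
-|> put_change(:client_secret, :crypto.strong_rand_bytes(32) |> Base.url_encode64())
+|> put_change(
+:client_id,
+:crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
+)
+|> put_change(
+:client_secret,
+:crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
+)
 else
 changeset
 end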
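Review bot: The expression `:crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)` is written out twice in this hunk, once more in `create_authorization` (authorization.ex) and twice in `create_token` (token.ex), so the wire format of every OAuth credential depends on five copies staying in step. A single helper would keep the encoding choice in one place, for example `def random_token(bytes \\ 32), do: bytes |> :crypto.strong_rand_bytes() |> Base.url_encode64(padding: false)`, with each call site reduced to `put_change(:client_id, random_token())`. The enclosing function begins above the hunk, so the best home for such a helper is not visible from here.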


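--- a/lib/pleroma/web/oauth/authorization.ex
+++ b/lib/pleroma/web/oauth/authorization.ex
@@ -24,7 +24,7 @@ defmodule Pleroma.Web.OAuth.Authorization do
 end
 
 def create_authorization(%App{} = app, %User{} = user) do
-token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()
+token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
 
 authorization = %Authorization{
 token: token,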


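--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@@ -173,7 +173,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
 token
 |> URI.decode()
 |> Base.url_decode64!(padding: false)
-|> Base.url_encode64()
+|> Base.url_encode64(padding: false)
 end
 
 defp get_app_from_request(conn, params) do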
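Review bot: Re-encoding without padding changes what this normalisation yields for credentials issued before this commit: 32 random bytes encoded by the old code end in `=`, so a value stored in that form will presumably no longer equal the unpadded string produced here unless the lookup also strips padding or a migration rewrites the stored rows, and none of the four changed files does either. A data migration, or a transition period in which both forms are accepted, would keep existing sessions and registered apps working. Separately, `Base.url_decode64!` raises on input that is not valid Base64, and the value looks request-supplied; `Base.url_decode64(token, padding: false)` with an explicit `:error` branch would let the caller answer with an OAuth error rather than an exception. The head of this function is above the hunk, so its name and callers are not visible here.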


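--- a/lib/pleroma/web/oauth/token.ex
+++ b/lib/pleroma/web/oauth/token.ex
@@ -31,8 +31,8 @@ defmodule Pleroma.Web.OAuth.Token do
 end
 
 def create_token(%App{} = app, %User{} = user) do
-token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()
-refresh_token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()
+token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
+refresh_token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
 
 token = %Token{
 token: token,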

