yawaflua/Flask-Discord
1
0
Fork 0
mirror of https://github.com/yawaflua/Flask-Discord.git synced 2025-12-10 12:29:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

Better session/key management

Browse Source
This commit is contained in:
William 'psyFi' Hatcher
2020-08-08 18:22:53 -05:00
parent 2ecddd11d1
commit 1eacfb6df1
1 changed files with 16 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
flask_discord/client.py
View File

@@ -94,14 +94,12 @@ class DiscordOAuth2Session(_http.DiscordOAuth2HttpClient):
# Encode any params into a jwt with the state as the key # Encode any params into a jwt with the state as the key
# Use generate_token in case state is None # Use generate_token in case state is None
session['DISCORD_RAW_OAUTH2_STATE'] = session.get("DISCORD_OAUTH2_STATE", generate_token()) session['DISCORD_JWT_KEY'] = session.get("DISCORD_JWT_KEY", generate_token())
state = jwt.encode(params, session.get("DISCORD_RAW_OAUTH2_STATE")) state = jwt.encode(params, session.get("DISCORD_JWT_KEY"))
discord_session = self._make_session(scope=scope, state=state) discord_session = self._make_session(scope=scope, state=state)
authorization_url, state = discord_session.authorization_url(configs.DISCORD_AUTHORIZATION_BASE_URL) authorization_url, state = discord_session.authorization_url(configs.DISCORD_AUTHORIZATION_BASE_URL)
session['DISCORD_OAUTH2_STATE'] = state.decode("utf-8")
# Save the encoded state as that's what Oauth2 lib is expecting
session["DISCORD_OAUTH2_STATE"] = state.decode("utf-8")
# Add special parameters to uri instead of state # Add special parameters to uri instead of state
uri_params = {'prompt': prompt} uri_params = {'prompt': prompt}
@@ -145,16 +143,24 @@ class DiscordOAuth2Session(_http.DiscordOAuth2HttpClient):
It fetches the authorization token and saves it flask It fetches the authorization token and saves it flask
`session <http://flask.pocoo.org/docs/1.0/api/#flask.session>`_ object. `session <http://flask.pocoo.org/docs/1.0/api/#flask.session>`_ object.
Raises
------
oauthlib.oauth2.rfc6749.errors.MismatchingStateError
jwt.exceptions.InvalidSignatureError
""" """
if request.values.get("error"): if request.values.get("error"):
return request.values["error"] return request.values["error"]
# Decode JWT. This only works if the state matches.
passed_state = request.args.get("state")
jwt_key = session.get("DISCORD_JWT_KEY")
decoded = jwt.decode(passed_state, jwt_key)
# Now that we've decoded the state, we can continue the oauth2 process
token = self._fetch_token() token = self._fetch_token()
self.save_authorization_token(token) self.save_authorization_token(token)
return decoded
# Decode any parameters passed through state variable
raw_oauth_state = session.get("DISCORD_RAW_OAUTH2_STATE")
passed_state = request.args.get("state")
return jwt.decode(passed_state, raw_oauth_state)
def revoke(self): def revoke(self):
"""This method clears current discord token, state and all session data from flask """This method clears current discord token, state and all session data from flask