Include uniquely generated state secret on each new Discord session

This commit is contained in:
thec0sm0s
2020-10-26 00:24:08 +05:30
parent 1f1f3e211a
commit 9a2f413433


@@ -4,8 +4,8 @@ import discord
from . import configs, _http, models, utils, exceptions
from oauthlib.common import add_params_to_uri
from flask import request, session, redirect, current_app
from oauthlib.common import add_params_to_uri, generate_token
class DiscordOAuth2Session(_http.DiscordOAuth2HttpClient):
@@ -93,7 +93,10 @@ class DiscordOAuth2Session(_http.DiscordOAuth2HttpClient):
if not prompt and set(scope) & set(configs.DISCORD_PASSTHROUGH_SCOPES):
raise ValueError("You should use explicit OAuth grant for passthrough scopes like bot.")
state = jwt.encode(data or dict(), current_app.config["SECRET_KEY"]).decode(encoding="utf-8")
data = data or dict()
data["__state_secret_"] = generate_token()
state = jwt.encode(data, current_app.config["SECRET_KEY"]).decode(encoding="utf-8")
discord_session = self._make_session(scope=scope, state=state)
authorization_url, state = discord_session.authorization_url(configs.DISCORD_AUTHORIZATION_BASE_URL)
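Review bot: The random `__state_secret_` written on the line `data["__state_secret_"] = generate_token()` is only embedded in the signed state and nothing in this hunk records it in the Flask `session` (imported at the top of this file), so the callback has no per-browser value to compare against and presumably any state signed with `SECRET_KEY`, including one replayed from an earlier authorization URL, would still verify. Storing the value alongside the state, e.g. `session["__state_secret_"] = data["__state_secret_"]` right after the assignment, and comparing it in the callback handler (outside this hunk) would bind the state to the session that requested it. Separately, `data = data or dict()` reuses the caller's dict, so the secret is inserted into the caller's object as a side effect; `data = dict(data or {})` keeps the copy local. The enclosing method continues outside the hunk.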