Fix: Check request token exists before compare it to secret token of …
…app.
nesitor committed Feb 28, 2024
1 parent 87fc8d7 commit 5f3ccbd
Showing 1 changed file with 5 additions and 3 deletions.
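--- a/src/aleph/vm/orchestrator/views/__init__.py
+++ b/src/aleph/vm/orchestrator/views/__init__.py
@@ -114,10 +114,12 @@ def authenticate_request(request: web.Request) -> None:
 
 @cors_allow_all
 async def about_login(request: web.Request) -> web.Response:
-token = request.query.get("token")
-if compare_digest(token, request.app["secret_token"]):
+secret_token = request.app["secret_token"]
+request_token = request.query.get("token")
+
+if request_token and secret_token and compare_digest(request_token, secret_token):
 response = web.HTTPFound("/about/config")
-response.cookies["token"] = token
+response.cookies["token"] = request_token
 return response
 else:
 return web.json_response({"success": False}, status=401)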
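Review bot: The new guard on the `if` line still lets a non-ASCII `token` query value reach `compare_digest`, which (assuming this is `hmac.compare_digest` or `secrets.compare_digest`; the import is outside the hunk) raises `TypeError` for non-ASCII `str` arguments, so the handler would answer 500 instead of 401. Comparing bytes avoids that: `compare_digest(request_token.encode(), secret_token.encode())`. Separately, `response.cookies["token"] = request_token` stores the shared secret in a cookie with no attributes; `response.set_cookie("token", request_token, httponly=True, samesite="Strict")`, plus `secure=True` where the endpoint is served over TLS, would limit its exposure. The token also arrives in the query string, where it tends to end up in access logs and browser history, which is worth a comment on `about_login` even if the transport is not changed here.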
