IT-Naturschutz/konova
7
0
Fork 0
Code Issues 6 Pull Requests Actions Projects Releases 45 Wiki Activity

# Propagation improvement

Browse Source 
* fixes documentation and variable names on oauth token revocation
* introduces private key for propagation
* changes key usage in decryption of propagated user data from oauth_client_id to private propagation key
This commit is contained in:
mpeltriaux
2024-12-23 10:45:08 +01:00
parent 1c24cbea26
commit 9149e4cbd3
5 changed files with 17 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
user/views/propagate.py
View File

@@ -16,7 +16,7 @@ from django.utils.decorators import method_decorator
from django.views import View
from django.views.decorators.csrf import csrf_exempt
from konova.sub_settings.sso_settings import OAUTH_CLIENT_ID
from konova.sub_settings.sso_settings import PROPAGATION_SECRET
from user.models import User
@@ -36,7 +36,7 @@ class PropagateUserView(View):
# Decrypt
encrypted_body = request.body
_hash = hashlib.md5()
_hash.update(OAUTH_CLIENT_ID.encode("utf-8"))
_hash.update(PROPAGATION_SECRET.encode("utf-8"))
key = base64.urlsafe_b64encode(_hash.hexdigest().encode("utf-8"))
fernet = Fernet(key)
body = fernet.decrypt(encrypted_body).decode("utf-8")