derive the SSO keys from a KDF

master
Florent Daigniere 3 years ago
parent 99c7420f92
commit ef637f51b7

@ -3,6 +3,7 @@ import flask_bootstrap
from mailu import utils, debug, models, manage, configuration
import hmac
def create_app_from_config(config):
""" Create a new application based on the given configuration
@ -24,6 +25,8 @@ def create_app_from_config(config):
utils.proxy.init_app(app)
utils.migrate.init_app(app, models.db)
app.temp_token_key = hmac.new(bytearray(app.secret_key, 'utf-8'), bytearray('WEBMAIL_TEMP_TOKEN_KEY', 'utf-8'), 'sha256').digest()
# Initialize debugging tools
if app.config.get("DEBUG"):
debug.toolbar.init_app(app)
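Review bot: The key derived on the `app.temp_token_key = hmac.new(...)` line is only as strong as `app.secret_key`, and nothing visible in this hunk rejects an unset, empty or placeholder secret before deriving from it. A `None` secret would surface as a bare TypeError from `bytearray(...)`, and an empty or guessable one silently yields a guessable token key. I would add a startup check just before the derivation, e.g. `if not app.secret_key: raise RuntimeError("SECRET_KEY must be set before deriving token keys")`. I would also add a comment such as `# Domain-separated subkey: the label must be unique per purpose and must not change, or outstanding tokens stop verifying`. Whether the secret is validated earlier in create_app_from_config cannot be seen here, because the function body extends outside the hunk.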

@ -429,10 +429,10 @@ class User(Base, Email):
@classmethod
def get_temp_token(cls, email):
user = cls.query.get(email)
return hmac.new(bytearray(app.secret_key,'utf-8'), bytearray("{}|{}".format(datetime.utcnow().strftime("%Y%m%d"), email), 'utf-8'), 'sha256').hexdigest() if (user and user.enabled) else None
return hmac.new(app.temp_token_key, bytearray("{}|{}".format(datetime.utcnow().strftime("%Y%m%d"), email), 'utf-8'), 'sha256').hexdigest() if (user and user.enabled) else None
def verify_temp_token(self, token):
return hmac.compare_digest(b''.fromhex(self.get_temp_token(self.email)), b''.fromhex(token))
return hmac.compare_digest(self.get_temp_token(self.email), token)
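Review bot: The new `verify_temp_token` passes two `str` values to `hmac.compare_digest`, which raises TypeError if either string contains non-ASCII characters or if `get_temp_token` returns `None` (user missing or disabled). A malformed client-supplied token therefore becomes an exception instead of a failed verification, unless the caller catches it, and callers are not visible on this page. Comparing bytes and handling `None` explicitly avoids this: `expected = self.get_temp_token(self.email)` followed by `return expected is not None and hmac.compare_digest(expected.encode('utf-8'), token.encode('utf-8'))`. This assumes `token` always arrives as a `str`; if it can be absent, that should be rejected before the comparison as well.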
