providers/oauth2: use generate_key instead of uuid4

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-12-13 22:13:20 +01:00
parent 4911a243ff
commit 69678dcfa6

View file

@ -8,7 +8,6 @@ from datetime import datetime
from hashlib import sha256 from hashlib import sha256
from typing import Any, Optional, Type from typing import Any, Optional, Type
from urllib.parse import urlparse from urllib.parse import urlparse
from uuid import uuid4
from dacite import from_dict from dacite import from_dict
from django.db import models from django.db import models
@ -225,7 +224,7 @@ class OAuth2Provider(Provider):
token = RefreshToken( token = RefreshToken(
user=user, user=user,
provider=self, provider=self,
refresh_token=uuid4().hex, refresh_token=generate_key(),
expires=timezone.now() + timedelta_from_string(self.token_validity), expires=timezone.now() + timedelta_from_string(self.token_validity),
scope=scope, scope=scope,
) )
@ -434,7 +433,7 @@ class RefreshToken(ExpiringModel, BaseGrantModel):
"""Create access token with a similar format as Okta, Keycloak, ADFS""" """Create access token with a similar format as Okta, Keycloak, ADFS"""
token = self.create_id_token(user, request).to_dict() token = self.create_id_token(user, request).to_dict()
token["cid"] = self.provider.client_id token["cid"] = self.provider.client_id
token["uid"] = uuid4().hex token["uid"] = generate_key()
return self.provider.encode(token) return self.provider.encode(token)
def create_id_token(self, user: User, request: HttpRequest) -> IDToken: def create_id_token(self, user: User, request: HttpRequest) -> IDToken: