mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-29 06:15:29 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #771 from hedgedoc/fix/base64Url

Browse source
This commit is contained in:
David Mehren 2021-01-27 19:49:02 +01:00 committed by GitHub
commit 932cb636ff
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/auth/auth.service.ts
View file

@ -70,8 +70,8 @@ export class AuthService {
// base64url is quite easy buildable from base64 // base64url is quite easy buildable from base64
return text return text
.toString('base64') .toString('base64')
.replace('+', '-') .replace(/\+/g, '-')
.replace('/', '_') .replace(/\//g, '_')
.replace(/=+$/, ''); .replace(/=+$/, '');
} }
@ -88,10 +88,9 @@ export class AuthService {
`User '${user.userName}' has already 200 tokens and can't have anymore`, `User '${user.userName}' has already 200 tokens and can't have anymore`,
); );
} }
const secret = await this.randomString(64); const secret = this.BufferToBase64Url(await this.randomString(64));
const keyId = this.BufferToBase64Url(await this.randomString(8)); const keyId = this.BufferToBase64Url(await this.randomString(8));
const accessTokenString = await this.hashPassword(secret.toString()); const accessToken = await this.hashPassword(secret);
const accessToken = this.BufferToBase64Url(Buffer.from(accessTokenString));
let token; let token;
// Tokens can only be valid for a maximum of 2 years // Tokens can only be valid for a maximum of 2 years
const maximumTokenValidity = const maximumTokenValidity =