
Commit 6696763

removed usage of safe_str_cmp of werkzeug. using hmac.compare_digest instead (flasgger#532)
1 parent ab77be7 commit 6696763


1 file changed

+2
-3
lines changed


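--- a/examples/jwt_auth.py
+++ b/examples/jwt_auth.py
@@ -31,10 +31,9 @@
 using basic HTTP auth on some web-server you will have to.
 """
 
-
+import hmac
 from flask import Flask, jsonify, request
 from flask_jwt import JWT, jwt_required, current_identity, JWTError
-from werkzeug.security import safe_str_cmp
 from flasgger import Swagger
 
 
@@ -58,7 +57,7 @@ def __str__(self):
 
 def authenticate(username, password):
 user = username_table.get(username, None)
-if user and safe_str_cmp(user.password.encode('utf-8'), password.encode('utf-8')):
+if user and hmac.compare_digest(user.password.encode('utf-8'), password.encode('utf-8')):
 return user
 
 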
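Review bot: In `authenticate`, `hmac.compare_digest` is only reached when the username exists, because `if user and ...` short-circuits on a missing user, so the constant-time property covers the password bytes but not whether the account exists. Since this is an example that readers copy, I would run the comparison on every path, e.g. `stored = user.password if user else ''` followed by `if hmac.compare_digest(stored.encode('utf-8'), password.encode('utf-8')) and user:`. The comparison also implies that `user.password` holds the plaintext password (the `User` class is outside this hunk, so that is inferred); a comment such as `# example only: store a salted hash and verify it with werkzeug.security.check_password_hash in real code` would keep that from being carried into production. Encoding both sides to bytes before `compare_digest` is the right call, since the `str` form only accepts ASCII.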
