provvedo/wiregui
2
0
Fork 0
Code Issues Pull requests Projects Releases 6 Packages 1 Wiki Activity Actions

fix: use HMAC-SHA256 with secret key for API token hashing

Browse source
This commit is contained in:
Stefano Bertelli 2026-04-03 00:51:38 -05:00
parent 496334137d
commit 604446f8ca
2 changed files with 12 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tests/test_api.py
View file

@ -1,8 +1,6 @@
"""Tests for REST API endpoints and token auth."""
import hashlib
from wiregui.auth.api_token import generate_api_token, resolve_bearer_token
from wiregui.auth.api_token import _token_hmac, generate_api_token, resolve_bearer_token
from wiregui.auth.passwords import hash_password
from wiregui.models.api_token import ApiToken
from wiregui.models.user import User
@ -15,7 +13,7 @@ from wiregui.utils.time import utcnow
def test_generate_api_token():
plaintext, token_hash = generate_api_token()
assert len(plaintext) > 20
assert token_hash == hashlib.sha512(plaintext.encode()).hexdigest()
assert token_hash == _token_hmac(plaintext)
def test_generate_api_token_unique():