github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-02-12 07:01:02 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #771 from hedgedoc/fix/base64Url

Browse source
This commit is contained in:
David Mehren 2021-01-27 19:49:02 +01:00 committed by GitHub
commit 932cb636ff
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/auth/auth.service.ts
View file

@ -70,8 +70,8 @@ export class AuthService {
// base64url is quite easy buildable from base64
return text
.toString('base64')
.replace('+', '-')
.replace('/', '_')
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/=+$/, '');
}
@ -88,10 +88,9 @@ export class AuthService {
`User '${user.userName}' has already 200 tokens and can't have anymore`,
);
}
const secret = await this.randomString(64);
const secret = this.BufferToBase64Url(await this.randomString(64));
const keyId = this.BufferToBase64Url(await this.randomString(8));
const accessTokenString = await this.hashPassword(secret.toString());
const accessToken = this.BufferToBase64Url(Buffer.from(accessTokenString));
const accessToken = await this.hashPassword(secret);
let token;
// Tokens can only be valid for a maximum of 2 years
const maximumTokenValidity =