From 740ea36f7a06989f872150afa91472e3e2c34a03 Mon Sep 17 00:00:00 2001 From: Kevin Chung Date: Wed, 29 Apr 2020 22:45:11 -0400 Subject: [PATCH] Fix tokens using too-random of a value --- CTFd/utils/security/auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CTFd/utils/security/auth.py b/CTFd/utils/security/auth.py index 077e414..8c4824e 100644 --- a/CTFd/utils/security/auth.py +++ b/CTFd/utils/security/auth.py @@ -27,7 +27,7 @@ def generate_user_token(user, expiration=None): temp_token = UserTokens.query.filter_by(value=value).first() token = UserTokens( - user_id=user.id, expiration=expiration, value=hexencode(os.urandom(32)) + user_id=user.id, expiration=expiration, value=value ) db.session.add(token) db.session.commit()