« back to all changes in this revision
Viewing changes to src/webui/tests/test_views_account.py
- Committer: Tarmac
- Date: 2015-10-28 15:25:00 UTC
- mfrom: (1341.2.16 hash-4-use-hashed-token)
- Revision ID: tarmac-20151028152500-m3fjt2z60hu8uqak
[r=ricardokirkner,james-w] Store only AuthToken hashes in the database.
Since AuthTokens are security-sensitive, once a raw token is generated and sent to the user via either e-mail or URL redirection, the raw value is discarded and only a hash is kept in the database. So raw tokens can't be recovered directly from the database.
The data is stored in the same existing "token" column (though renamed at model-level to "hashed_token").
The code accounts for "old-style", raw tokens to be stored in the same table; all existing tokens continue to be valid and can be used. However, only "new-style", hashed tokens will be stored in the future.
Since AuthTokens are security-sensitive, once a raw token is generated and sent to the user via either e-mail or URL redirection, the raw value is discarded and only a hash is kept in the database. So raw tokens can't be recovered directly from the database.
The data is stored in the same existing "token" column (though renamed at model-level to "hashed_token").
The code accounts for "old-style", raw tokens to be stored in the same table; all existing tokens continue to be valid and can be used. However, only "new-style", hashed tokens will be stored in the future.
- files modified:
- po/api/api.pot
added
removed
src/webui/tests/test_views_account.py
