authorMatthew Somerville <matthew@mysociety.org>2020-06-10 14:29:35 +0100
committerMatthew Somerville <matthew@mysociety.org>2020-06-30 11:24:57 +0100
commit51eae76dd663d23c1f4bb1e809e9c258e800cb73 (patch)
treefc0bcf5c37119c302908319ec02abf7c8123f94b /perllib/FixMyStreet/App/Controller/Auth/Profile.pm
parent3c98b8f4dbe7085d52887deff90681db552fb580 (diff)
Only show access tokens once, and store hashed.
Diffstat (limited to 'perllib/FixMyStreet/App/Controller/Auth/Profile.pm')
-rw-r--r--perllib/FixMyStreet/App/Controller/Auth/Profile.pm7
1 files changed, 4 insertions, 3 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth/Profile.pm b/perllib/FixMyStreet/App/Controller/Auth/Profile.pm
index a89c6f539..a5dc5d3e7 100644
--- a/perllib/FixMyStreet/App/Controller/Auth/Profile.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth/Profile.pm
@@ -188,9 +188,10 @@ sub generate_token : Path('/auth/generate_token') {
if ($c->get_param('generate_token')) {
my $token = mySociety::AuthToken::random_token();
- $c->user->set_extra_metadata('access_token', $token);
+ my $u = FixMyStreet::DB->resultset("User")->new({ password => $token });
+ $c->user->set_extra_metadata('access_token', $u->password);
$c->user->update;
- $c->stash->{token_generated} = 1;
+ $c->stash->{token_generated} = $c->user->id . '-' . $token;
}
my $action = $c->get_param('2fa_action') || '';
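Review bot: The hashing on the two added lines is implicit: it depends on the `User` result class encoding the `password` column when the throwaway row is built (that class is not visible here), and nothing in the hunk states or checks that `$u->password` differs from the raw token. If that column behaviour ever changes, the plaintext would be written to `access_token` without any error. I would add a comment above the `new` call such as `# Unsaved User row, used only so the password column hashes the token for us`, and consider a guard like `die "access token was not hashed" if $u->password eq $token;` before `set_extra_metadata`. The stash value `token_generated` now carries the plaintext credential, so the response that renders it should presumably be sent with `Cache-Control: no-store` and kept out of any request or template debug logging. The template and headers are outside this hunk, as is the rest of `generate_token`.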
@@ -224,7 +225,7 @@ sub generate_token : Path('/auth/generate_token') {
}
$c->stash->{has_2fa} = $has_2fa ? 1 : 0;
- $c->stash->{existing_token} = $c->user->get_extra_metadata('access_token');
+ $c->stash->{existing_token} = $c->user->get_extra_metadata('access_token') ? 1 : 0;
}
__PACKAGE__->meta->make_immutable;
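Review bot: The truthiness test on the added `existing_token` line cannot tell a token stored before this commit (plaintext) from one stored after it (hashed), so legacy values would stay in `extra_metadata` in the clear until the user regenerates. Whether a migration hashes or clears them is not visible in this file; if there is none, the code that verifies tokens has to handle both forms or reject the old one. A short comment on this line would also help the next reader, for example `# Flag only: the stored hash must never reach the template`.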