Diffstat (limited to 'okupy/common')
-rw-r--r-- | okupy/common/crypto.py | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/okupy/common/crypto.py b/okupy/common/crypto.py
index e019ecb..0860359 100644
--- a/okupy/common/crypto.py
+++ b/okupy/common/crypto.py
@@ -130,10 +130,14 @@ class SessionRefCipher(object):
         session_id = session_id[self.random_prefix_bytes:]
         session = SessionStore(session_key=session_id)
         if session.get('encrypted_id') == eid:
+            # circular import
+            from .models import RevokedToken
+            # revoke to prevent replay attacks
-            del session['encrypted_id']
-            session.save()
-            return session
+            if RevokedToken.add(eid):
+                del session['encrypted_id']
+                session.save()
+                return session
         raise ValueError('Invalid session id')
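Review bot: The replay protection added at `if RevokedToken.add(eid):` now rests entirely on `add` being an atomic insert-if-absent; if it is implemented as a lookup followed by an insert rather than a unique-keyed insert that reports the conflict, two concurrent requests presenting the same token can both get `True` and both reach `return session` before either `session.save()` lands. Please confirm `add` relies on a unique constraint on the token (e.g. `get_or_create` or catching `IntegrityError`) and pin that contract in the comment, e.g. `# revoke before use: RevokedToken.add must be an atomic insert-if-absent; False means this token was already presented`. The unchanged `session.get('encrypted_id') == eid` check is a plain string comparison; if `eid` is attacker-supplied, `hmac.compare_digest` is the conservative choice, though the session lookup preceding it likely dominates timing. Nothing in the hunk bounds the revoked-token table, so entries presumably need purging once the session reference they guard has expired. The enclosing method starts before the hunk and the hunk's trailing context lines are not shown here.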