darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-20 07:21:13 -05:00
Code Issues Packages Projects Releases Wiki Activity

make state non-arbitrary

Browse Source
This commit is contained in:
Kenneth Kehl
2024-04-02 13:18:21 -07:00
parent 9ecbfd24ff
commit 23e66db2a9
3 changed files with 34 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/service_invite/rest.py
View File

@@ -37,10 +37,20 @@ def _create_service_invite(invited_user, invite_link_host):
template = dao_get_template_by_id(template_id)
service = Service.query.get(current_app.config["NOTIFY_SERVICE_ID"])
token = generate_token(
str(invited_user.email_address),
current_app.config["SECRET_KEY"],
current_app.config["DANGEROUS_SALT"],
)
url = os.environ["LOGIN_DOT_GOV_REGISTRATION_URL"]
url = url.replace("NONCE", token)
url = url.replace("STATE", token)
personalisation = {
"user_name": invited_user.from_user.name,
"service_name": invited_user.service.name,
"url": os.environ["LOGIN_DOT_GOV_REGISTRATION_URL"],
"url": url,
}
saved_notification = persist_notification(