the control panel auth hmac message should also include the user's password so that resetting a password in the database forces that user to log in to the control panel again; also use a sha256 hmac

2026-03-09 16:37:23 +01:00 · 2015-06-06 12:33:31 +00:00
parent 462a79cf47
commit e9e6d94e3b
4 changed files with 26 additions and 10 deletions
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -118,7 +118,7 @@ def me():

 	# Is authorized as admin? Return an API key for future use.
 	if "admin" in privs:
-		resp["api_key"] = auth_service.create_user_key(email)
+		resp["api_key"] = auth_service.create_user_key(email, env)

 	# Return.
 	return json_response(resp)