"""Shared auth token helpers.

We keep the password reset/invite token logic in one place so it can be used by:
- the normal "forgot password" flow
- the company "invite user" flow

Tokens are signed with the Flask SECRET_KEY and are time-limited.
"""
from __future__ import annotations
from itsdangerous import URLSafeTimedSerializer
def _serializer(secret_key: str) -> URLSafeTimedSerializer:
    """Build the signer shared by the token helpers in this module.

    Args:
        secret_key: Signing key handed unchanged to ``URLSafeTimedSerializer``.

    Returns:
        A ``URLSafeTimedSerializer`` bound to the fixed salt ``"password-reset"``.
    """
    # NOTE(review): the module docstring says both the "forgot password" and
    # the "invite user" flows use these helpers. With one fixed salt and no
    # purpose field in the payload, a token minted for one flow also verifies
    # in the other -- confirm that is intended or that callers tell them apart.
    signer = URLSafeTimedSerializer(secret_key, salt="password-reset")
    return signer
def make_password_reset_token(*, secret_key: str, user_id: int) -> str:
    """Return a signed, timestamped token that carries ``user_id``.

    Args:
        secret_key: Key used to sign the token.
        user_id: Identifier stored in the payload; coerced with ``int()``.

    Returns:
        The serialized token produced by ``URLSafeTimedSerializer.dumps``.
    """
    signer = _serializer(secret_key)
    # The payload is signed, not encrypted: anyone holding the token can
    # decode it and read the user id, so nothing secret belongs in here.
    payload = {"user_id": int(user_id)}
    return signer.dumps(payload)
def load_password_reset_user_id(*, secret_key: str, token: str, max_age_seconds: int) -> int:
    """Verify ``token`` and return the user id stored in its payload.

    Args:
        secret_key: Key the token was signed with.
        token: Token string as received from the client.
        max_age_seconds: Passed to ``loads`` as ``max_age``, the oldest
            token age that is still accepted.

    Returns:
        The payload's ``"user_id"`` value converted with ``int()``.

    Raises:
        Whatever ``URLSafeTimedSerializer.loads`` raises for a bad or expired
        token (itsdangerous uses ``BadSignature`` / ``SignatureExpired``).
        TypeError: If the verified payload has no ``"user_id"`` key, because
            ``int(None)`` is then evaluated.
    """
    signer = _serializer(secret_key)
    payload = signer.loads(token, max_age=max_age_seconds)
    # NOTE(review): nothing here records that the token was used, so it stays
    # acceptable until max_age_seconds elapses. If reset links must be
    # single-use, the caller has to enforce that -- confirm it does.
    raw_user_id = payload.get("user_id")
    return int(raw_user_id)