Fix access token being exposed after APIToken edit v1.23.3
authorrubenwardy <rw@rubenwardy.com>
Sat, 25 Jan 2020 18:26:55 +0000 (18:26 +0000)
committerrubenwardy <rw@rubenwardy.com>
Sat, 25 Jan 2020 18:26:55 +0000 (18:26 +0000)
app/blueprints/api/tokens.py

index b8da78dbcf896e6bc9e6c41b754b24b0797afefb..8eb2a67108917fdb5b11d11d30049ae4ca3383b7 100644 (file)
@@ -80,14 +80,13 @@ def create_edit_token(username, id=None):
                        token.owner = user
                        token.access_token = randomString(32)
 
+                       # Store token so it can be shown in the edit page
+                       session["token_" + str(token.id)] = token.access_token
+
                form.populate_obj(token)
                db.session.add(token)
-
                db.session.commit() # save
 
-               # Store token so it can be shown in the edit page
-               session["token_" + str(token.id)] = token.access_token
-
                return redirect(url_for("api.create_edit_token", username=username, id=token.id))
 
        return render_template("api/create_edit_token.html", user=user, form=form, token=token, access_token=access_token)
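Review bot: The moved `session["token_" + str(token.id)] = token.access_token` now runs before `db.session.add(token)` and `db.session.commit()`, so for a newly built token `token.id` is presumably still `None` and the secret is stored under the key `token_None`. The edit page reached by the redirect would then find nothing under the real id, so the new token is never shown to its owner, while a stale `token_None` entry holding a live access token lingers in the session. Keeping the store inside the creation branch is the right shape for this fix, but the id has to exist first: call `db.session.add(token)` and `db.session.flush()` in the branch ahead of the `session[...]` line, or write the session key after the commit under the same is-new condition. The branch condition and the start of `create_edit_token` are outside this hunk, so this assumes the branch constructs a fresh `APIToken` that has not yet been flushed.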