We should verify signatures to make the whole session secret meaningful.

2c1dacb9 · Tim Farrell · 03a7e359 · 2c1dacb9
Commit 2c1dacb9 authored Feb 01, 2024 by Tim Farrell
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

backend/utils/utils.py backend/utils/utils.py +1 -1

No files found.
--- a/backend/utils/utils.py
+++ b/backend/utils/utils.py
@@ -48,7 +48,7 @@ def create_token(data: dict, expires_delta: Union[timedelta, None] = None) -> st

 def decode_token(token: str) -> Optional[dict]:
    try:
-        decoded = jwt.decode(token, SESSION_SECRET, options={"verify_signature": False})
+        decoded = jwt.decode(token, SESSION_SECRET)
        return decoded
    except Exception as e:
        return None