diff options
Diffstat (limited to 'models/token.go')
| -rw-r--r-- | models/token.go | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/models/token.go b/models/token.go index 4737dddda3..357afe44a7 100644 --- a/models/token.go +++ b/models/token.go @@ -57,9 +57,15 @@ func GetAccessTokenBySHA(token string) (*AccessToken, error) { if token == "" { return nil, ErrAccessTokenEmpty{} } - if len(token) < 8 { + // A token is defined as being SHA1 sum these are 40 hexadecimal bytes long + if len(token) != 40 { return nil, ErrAccessTokenNotExist{token} } + for _, x := range []byte(token) { + if x < '0' || (x > '9' && x < 'a') || x > 'f' { + return nil, ErrAccessTokenNotExist{token} + } + } var tokens []AccessToken lastEight := token[len(token)-8:] err := x.Table(&AccessToken{}).Where("token_last_eight = ?", lastEight).Find(&tokens) |