Merge pull request #4 from saaditDE/patch-1

Fix for newest Werkzeug safe_str_cmp removal fix
greenape · Jun 13, 2022 · 2c2911a · 2c2911a
2 parents 11ac3bf + 07caf0c
commit 2c2911a
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/quart_jwt_extended/tokens.py b/quart_jwt_extended/tokens.py
@@ -2,8 +2,8 @@
 import uuid
 from calendar import timegm
 
+import hmac
 import jwt
-from werkzeug.security import safe_str_cmp
 
 from quart_jwt_extended.exceptions import JWTDecodeError, CSRFError
 
@@ -214,6 +214,6 @@ def decode_jwt(
     if csrf_value:
         if "csrf" not in data:
             raise JWTDecodeError("Missing claim: csrf")
-        if not safe_str_cmp(data["csrf"], csrf_value):
+        if not hmac.compare_digest (data["csrf"], csrf_value):
             raise CSRFError("CSRF double submit tokens do not match")
     return data