Skip to content

Commit

Permalink
The IP claim in the Approov token should not be checked when it does …
Browse files Browse the repository at this point in the history 
…not exist
  • Loading branch information
Jamie Smith committed Oct 26, 2016
1 parent c91806a commit 0829048
Showing 1 changed file with 10 additions and 7 deletions.
17 changes: 10 additions & 7 deletions shapes/server/runServer.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,14 +33,17 @@ def verifyToken(token, clientIP):
# Token could not be decoded, token is bad
return 0

# Get IP Hash from token contents
issuedIP = (tokenContents['ip'])
return 1
# Get IP Hash from token contents if present then check it
try:
issuedIP = (tokenContents['ip'])

# Compare the issued IP hash with the hash of the requester IP
if clientIP != issuedIP:
# Requester IP did not match issued IP
return 0
# Compare the issued IP hash with the hash of the requester IP
if clientIP != issuedIP:
# Requester IP did not match issued IP
return 0
except:
# There is no IP claim, we don't need to check it
pass

# Token was decoded successfully, token is good
return 1
Expand Down

0 comments on commit 0829048

Please sign in to comment.