Checkpoint, fixing reset token handling broken in earlier edits.

2025-08-06 09:55:14 -06:00
parent c42864794a
commit cf138d90c5
11 changed files with 392 additions and 170 deletions
--- a/passkey/util/tokens.py
+++ b/passkey/util/tokens.py
@@ -2,6 +2,8 @@ import base64
 import hashlib
 import secrets

+from .passphrase import is_well_formed
+

 def create_token() -> str:
    return secrets.token_urlsafe(12)  # 16 characters Base64
@@ -14,4 +16,10 @@ def session_key(token: str) -> bytes:


 def reset_key(passphrase: str) -> bytes:
+    if not is_well_formed(passphrase):
+        raise ValueError(
+            "Trying to reset with a session token in place of a passphrase"
+            if len(passphrase) == 16
+            else "Invalid passphrase format"
+        )
    return b"rset" + hashlib.sha512(passphrase.encode()).digest()[:12]