Fix access token being exposed after APIToken editv1.23.3

author: rubenwardy <rw@rubenwardy.com> 2020-01-25 18:26:55 +0000
committer: rubenwardy <rw@rubenwardy.com> 2020-01-25 18:26:55 +0000
commit: 36615ef656055aeae3466b36440cdd97740d06ef (patch)
tree: 68909a44e7674f722d4eb2b6d9fb0ac1f58f418d /app/blueprints/api/tokens.py
parent: 53a5dffb2694b778291bc2d515b86d05ac297742 (diff)
download: cheatdb-36615ef656055aeae3466b36440cdd97740d06ef.tar.xz
1 files changed, 3 insertions, 4 deletions
diff --git a/app/blueprints/api/tokens.py b/app/blueprints/api/tokens.py
index b8da78d..8eb2a67 100644
--- a/app/blueprints/api/tokens.py
+++ b/app/blueprints/api/tokens.py
@@ -80,14 +80,13 @@ def create_edit_token(username, id=None):
 			token.owner = user
 			token.access_token = randomString(32)
 
+			# Store token so it can be shown in the edit page
+			session["token_" + str(token.id)] = token.access_token
+
 		form.populate_obj(token)
 		db.session.add(token)
-
 		db.session.commit() # save
 
-		# Store token so it can be shown in the edit page
-		session["token_" + str(token.id)] = token.access_token
-
 		return redirect(url_for("api.create_edit_token", username=username, id=token.id))
 
 	return render_template("api/create_edit_token.html", user=user, form=form, token=token, access_token=access_token)
author	rubenwardy <rw@rubenwardy.com>	2020-01-25 18:26:55 +0000
committer	rubenwardy <rw@rubenwardy.com>	2020-01-25 18:26:55 +0000
commit	36615ef656055aeae3466b36440cdd97740d06ef (patch)
tree	68909a44e7674f722d4eb2b6d9fb0ac1f58f418d /app/blueprints/api/tokens.py
parent	53a5dffb2694b778291bc2d515b86d05ac297742 (diff)
download	cheatdb-36615ef656055aeae3466b36440cdd97740d06ef.tar.xz