evazion b2cf765d6d users: refactor login and authentication logic. ...

* Make authentication methods into User instance methods instead of
  class methods.
* Fix API key authentication to use a secure string comparison. Fixes a
  hypothetical (unlikely to be exploitable) timing attack.
* Move login logic from SessionCreator to SessionLoader.

2020-03-25 18:48:43 -05:00

7.3 KiB

Raw Blame History

View Raw