CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-05 15:14:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove print statement from debugging (Z#23225586)

Browse Source 
This was reported as a security issue, but we see no security impact or
exploitation path, as the security of PKCE relies on keeping the
verifier secret, not the challenge.
This commit is contained in:
Raphael Michel
2026-02-24 13:11:02 +01:00
parent 26f296bc11
commit aadce7be00
1 changed files with 0 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/pretix/presale/views/oidc_op.py
View File

@@ -393,7 +393,6 @@ class TokenView(View):
if grant.code_challenge_method == "S256": if grant.code_challenge_method == "S256":
expected_challenge = base64.urlsafe_b64encode(hashlib.sha256(request.POST["code_verifier"].encode()).digest()).decode().rstrip("=") expected_challenge = base64.urlsafe_b64encode(hashlib.sha256(request.POST["code_verifier"].encode()).digest()).decode().rstrip("=")
print(grant.code_challenge, expected_challenge)
if expected_challenge != grant.code_challenge: if expected_challenge != grant.code_challenge:
return JsonResponse({ return JsonResponse({
"error": "invalid_grant", "error": "invalid_grant",