From 3db5ba8ef354d80f080cc1baacf33d77ccbb6222 Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Tue, 25 Oct 2022 09:22:50 -0500
Subject: graphql: T4574: set byte length of shared secret from CLI

---
 src/services/api/graphql/libs/token_auth.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/services/api')

diff --git a/src/services/api/graphql/libs/token_auth.py b/src/services/api/graphql/libs/token_auth.py
index fafb0f5af..3ecd8b855 100644
--- a/src/services/api/graphql/libs/token_auth.py
+++ b/src/services/api/graphql/libs/token_auth.py
@@ -11,7 +11,8 @@ def _check_passwd_pam(username: str, passwd: str) -> bool:
     return False
 
 def init_secret():
-    secret = token_hex(16)
+    length = int(state.settings['app'].state.vyos_secret_len)
+    secret = token_hex(length)
     state.settings['secret'] = secret
 
 def generate_token(user: str, passwd: str, secret: str, exp: int) -> dict:
-- 
cgit v1.2.3