From 0258aaa17cca8062ca933d6418fc5501ed2e266b Mon Sep 17 00:00:00 2001 From: "jayashankar.jayan" Date: Sat, 14 May 2022 13:08:16 +0530 Subject: [PATCH] removed usage of safe_str_cmp of werkzeug. using hmac.compare_digest instead --- examples/jwt_auth.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/examples/jwt_auth.py b/examples/jwt_auth.py index 8c2b5113..83b21e52 100644 --- a/examples/jwt_auth.py +++ b/examples/jwt_auth.py @@ -31,10 +31,9 @@ using basic HTTP auth on some web-server you will have to. """ - +import hmac from flask import Flask, jsonify, request from flask_jwt import JWT, jwt_required, current_identity, JWTError -from werkzeug.security import safe_str_cmp from flasgger import Swagger @@ -58,7 +57,7 @@ def __str__(self): def authenticate(username, password): user = username_table.get(username, None) - if user and safe_str_cmp(user.password.encode('utf-8'), password.encode('utf-8')): + if user and hmac.compare_digest(user.password.encode('utf-8'), password.encode('utf-8')): return user
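Review bot: In `authenticate`, the `if user and hmac.compare_digest(...)` condition still short-circuits for an unknown username, so the constant-time comparison is skipped entirely and response timing can still separate existing accounts from non-existing ones. Running the comparison unconditionally closes that gap: `expected = user.password if user else ''` followed by `if hmac.compare_digest(expected.encode('utf-8'), password.encode('utf-8')) and user:`. Separately, `password.encode('utf-8')` raises on a non-string value; whether flask_jwt filters those out before calling `authenticate` is not visible here, so an `isinstance(password, str)` guard would be a cheap safeguard. Because the example compares the stored password to the submitted one directly, a comment such as `# example only: real applications should store and verify salted password hashes` would keep readers from copying the pattern as-is.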