Harden OAuth refresh token file permissions

2026-06-20 03:49:24 +00:00 · 2026-06-18 11:20:45 -06:00
parent d1d1fc89cf
commit 3a99a87755
2 changed files with 5 additions and 2 deletions
--- a/ttrv/version.py
+++ b/ttrv/version.py
@@ -1,4 +1,4 @@
 # -*- coding: utf-8 -*-
 from __future__ import unicode_literals

-__version__ = '1.27.4'
+__version__ = '1.27.5'
--- a/ttrv/config.py
+++ b/ttrv/config.py
@@ -196,8 +196,11 @@ class Config(object):

    def save_refresh_token(self):
        self._ensure_filepath(self.token_file)
-        with open(self.token_file, 'w+') as fp:
+        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
+        fd = os.open(self.token_file, flags, 0o600)
+        with os.fdopen(fd, 'w') as fp:
            fp.write(self.refresh_token)
+        os.chmod(self.token_file, 0o600)

    def delete_refresh_token(self):
        if os.path.exists(self.token_file):