From 2c1dacb9b67b35840da8f812d6ddc0deb74d712d Mon Sep 17 00:00:00 2001
From: Tim Farrell
Date: Thu, 1 Feb 2024 13:46:45 -0600
Subject: [PATCH] We should verify signatures to make the whole session secret meaningful.
---
 backend/utils/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/utils/utils.py b/backend/utils/utils.py
index 768a2ebf1..8b722554b 100644
--- a/backend/utils/utils.py
+++ b/backend/utils/utils.py
@@ -48,7 +48,7 @@ def create_token(data: dict, expires_delta: Union[timedelta, None] = None) -> st
 def decode_token(token: str) -> Optional[dict]:
 try:
- decoded = jwt.decode(token, SESSION_SECRET, options={"verify_signature": False})
+ decoded = jwt.decode(token, SESSION_SECRET)
 return decoded
 except Exception as e:
 return None
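Review bot: The new `jwt.decode(token, SESSION_SECRET)` call re-enables signature checking but does not pin the accepted algorithm, so what is honoured is left to the library default and the token's own `alg` header. If the `jwt` module here is PyJWT 2.x, omitting `algorithms` while verifying raises an error, and the `except Exception` in the context lines would turn that into `None` for every token; other JWT libraries may instead accept any algorithm they support. I would pass the algorithm that `create_token` signs with explicitly, e.g. `decoded = jwt.decode(token, SESSION_SECRET, algorithms=["HS256"])`, where the value shown is an assumption because `create_token`'s body is outside this hunk. It would also help detection to log the failure class (bad signature versus expired token) before returning `None`, since the unused `e` currently discards it.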