changed user token hash algorithm from sha1 to sha256 in API

2021-08-23 15:38:49 +08:00 · 2021-08-23 15:38:49 +08:00 · 7766723f60
parent 49a5d433c6
commit 7766723f60
2 changed files with 2 additions and 2 deletions
--- a/admin/js/plugins/clockpicker/clockpicker.js
+++ b/admin/js/plugins/clockpicker/clockpicker.js
@ -1,5 +1,5 @@
 /*!
- * ClockPicker v{package.version} (http://weareoutman.github.io/clockpicker/)
+ * ClockPicker v0.0.7 (http://weareoutman.github.io/clockpicker/)
 * Copyright 2014 Wang Shenwei.
 * Licensed under MIT (https://github.com/weareoutman/clockpicker/blob/gh-pages/LICENSE)
 */
--- a/myems-api/core/user.py
+++ b/myems-api/core/user.py
@ -431,7 +431,7 @@ class UserLogin:
                       "             (user_uuid, token, utc_expires) "
                       " VALUES (%s, %s, %s) ")
        user_uuid = result['uuid']
-        token = hashlib.sha1(os.urandom(24)).hexdigest()
+        token = hashlib.sha512(os.urandom(24)).hexdigest()
        utc_expires = datetime.utcnow() + timedelta(seconds=60 * 60 * 8)
        cursor.execute(add_session, (user_uuid, token, utc_expires))
        cnx.commit()