From 7766723f600ba8250ac9293b03d4382c554ec6a5 Mon Sep 17 00:00:00 2001
From: "13621160019@163.com" <13621160019@163.com>
Date: Mon, 23 Aug 2021 15:38:49 +0800
Subject: [PATCH] changed user token hash algorithm from sha1 to sha256 in API

---
 admin/js/plugins/clockpicker/clockpicker.js | 2 +-
 myems-api/core/user.py                      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/admin/js/plugins/clockpicker/clockpicker.js b/admin/js/plugins/clockpicker/clockpicker.js
index 7f208aa6..e930b4ff 100644
--- a/admin/js/plugins/clockpicker/clockpicker.js
+++ b/admin/js/plugins/clockpicker/clockpicker.js
@@ -1,5 +1,5 @@
 /*!
- * ClockPicker v{package.version} (http://weareoutman.github.io/clockpicker/)
+ * ClockPicker v0.0.7 (http://weareoutman.github.io/clockpicker/)
  * Copyright 2014 Wang Shenwei.
  * Licensed under MIT (https://github.com/weareoutman/clockpicker/blob/gh-pages/LICENSE)
  */
diff --git a/myems-api/core/user.py b/myems-api/core/user.py
index dfd80ff5..f0961a21 100644
--- a/myems-api/core/user.py
+++ b/myems-api/core/user.py
@@ -431,7 +431,7 @@ class UserLogin:
                        "             (user_uuid, token, utc_expires) "
                        " VALUES (%s, %s, %s) ")
         user_uuid = result['uuid']
-        token = hashlib.sha1(os.urandom(24)).hexdigest()
+        token = hashlib.sha512(os.urandom(24)).hexdigest()
         utc_expires = datetime.utcnow() + timedelta(seconds=60 * 60 * 8)
         cursor.execute(add_session, (user_uuid, token, utc_expires))
         cnx.commit()