particle-os/debian-koji
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

web: use sha1 for token generation instead of md5(disabled by FIPS)

Browse source 
fixes: #2291
This commit is contained in:
Yu Ming Zhu 2020-06-16 11:30:46 +00:00 committed by Tomas Kopecek
parent fc4cb3d37e
commit 0a61104280
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
www/lib/kojiweb/util.py
View file

@ -173,7 +173,7 @@ def _genToken(environ, tstamp=None):
tstamp = _truncTime()
value = user + str(tstamp) + environ['koji.options']['Secret'].value
value = value.encode('utf-8')
return hashlib.md5(value).hexdigest()[-8:]
return hashlib.sha1(value).hexdigest()[-8:]
def _getValidTokens(environ):