fix Use of a broken or weak cryptographic hashing (#7671)

Co-authored-by: lian <imwhatiam123@gmail.com>
2025-10-22 03:16:34 +00:00 · 2025-03-29 13:16:01 +08:00
parent c8026ddb6c
commit 5eb303c76b
6 changed files with 8 additions and 131 deletions
--- a/thirdpart/registration/models.py
+++ b/thirdpart/registration/models.py
@@ -115,7 +115,10 @@ class RegistrationManager(models.Manager):
        username = user.username
        if isinstance(username, str):
            username = username.encode('utf-8')
-        activation_key = hashlib.sha1(salt+username).hexdigest()
+
+        # Take the first 16 character to avoid errors.
+        # (1406, "Data too long for column 'activation_key' at row 1")
+        activation_key = hashlib.sha256(salt+username).hexdigest()[:16]
        return self.create(emailuser_id=user.id,
                           activation_key=activation_key)