From f6c51fc628a0a239589139ff632ce5926df7cd99 Mon Sep 17 00:00:00 2001
From: Jorran de Wit <jorrandewit@outlook.com>
Date: Thu, 10 May 2018 11:43:37 +0200
Subject: [PATCH] Quickfix: hash is guessable

---
 partners/models.py | 2 +-
 scipost/models.py  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/partners/models.py b/partners/models.py
index d8c0b21da..8cd668903 100644
--- a/partners/models.py
+++ b/partners/models.py
@@ -182,7 +182,7 @@ class Contact(models.Model):
             feed += random.choice(string.ascii_letters)
         feed = feed.encode('utf8')
         salt = self.user.username.encode('utf8')
-        self.activation_key = hashlib.sha1(salt+salt).hexdigest()
+        self.activation_key = hashlib.sha1(salt + feed).hexdigest()
         self.key_expires = now + datetime.timedelta(days=2)
 
     def save(self, *args, **kwargs):
diff --git a/scipost/models.py b/scipost/models.py
index e6c4d4df1..69cb8fbca 100644
--- a/scipost/models.py
+++ b/scipost/models.py
@@ -108,7 +108,7 @@ class Contributor(models.Model):
             feed += random.choice(string.ascii_letters)
         feed = feed.encode('utf8')
         salt = self.user.username.encode('utf8')
-        self.activation_key = hashlib.sha1(salt + salt).hexdigest()
+        self.activation_key = hashlib.sha1(salt + feed).hexdigest()
         self.key_expires = datetime.datetime.now() + datetime.timedelta(days=2)
 
     def expertises_as_string(self):
-- 
GitLab