From 8b71a92219bd9e477eaa13536ff298a989858dcd Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Sat, 3 Jul 2021 22:32:47 +0200 Subject: [PATCH] use fixed msg for key derivation --- core/admin/mailu/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/admin/mailu/utils.py b/core/admin/mailu/utils.py index c7e1f73c..02150754 100644 --- a/core/admin/mailu/utils.py +++ b/core/admin/mailu/utils.py @@ -280,7 +280,7 @@ class MailuSessionConfig: key = want_bytes(app.secret_key) - self._hmac = hmac.new(hmac.digest(key, key, digest='sha256'), digestmod='sha256') + self._hmac = hmac.new(hmac.digest(key, b'SESSION_UID_HASH', digest='sha256'), digestmod='sha256') self._uid_len = uid_bytes self._uid_b64 = len(self._encode(bytes(uid_bytes))) self._sid_len = sid_bytes