diff --git a/keystoneauth1/session.py b/keystoneauth1/session.py
index 2e3e8874..2a5d4d05 100644
--- a/keystoneauth1/session.py
+++ b/keystoneauth1/session.py
@@ -365,10 +365,10 @@ class Session(object):
 secure_headers = ('authorization', 'x-auth-token', 'x-subject-token', 'x-service-token')
 if header[0].lower() in secure_headers:
- token_hasher = hashlib.sha1()
+ token_hasher = hashlib.sha256()
 token_hasher.update(header[1].encode('utf-8'))
 token_hash = token_hasher.hexdigest()
- return (header[0], '{SHA1}%s' % token_hash)
+ return (header[0], '{SHA256}%s' % token_hash)
 return header
 def _get_split_loggers(self, split_loggers):
diff --git a/keystoneauth1/tests/unit/test_session.py b/keystoneauth1/tests/unit/test_session.py
index 09c7cd5e..2927740349 100644
--- a/keystoneauth1/tests/unit/test_session.py
+++ b/keystoneauth1/tests/unit/test_session.py
@@ -324,7 +324,7 @@ class SessionTests(utils.TestCase):
 # Assert that response headers contains actual values and
 # only debug logs has been masked
 for k, v in security_headers.items():
- self.assertIn('%s: {SHA1}' % k, self.logger.output)
+ self.assertIn('%s: {SHA256}' % k, self.logger.output)
 self.assertEqual(v, resp.headers[k])
 self.assertNotIn(v, self.logger.output)
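Review bot: The digest written to the debug log in the `session.py` hunk is still unsalted, so for the `authorization` entry in `secure_headers` a low-entropy value (Basic credentials, for example) remains open to offline guessing from the log whichever hash is used; moving to SHA-256 only helps for high-entropy tokens. If log correlation is the only goal, consider a keyed digest such as `token_hasher = hmac.new(log_key, header[1].encode('utf-8'), hashlib.sha256)`, where `log_key` is a placeholder for a deployment-level secret that this file does not define, or at least record the limit with `# NOTE: unsalted digest; only safe for high-entropy token values`. The `{SHA1}` to `{SHA256}` prefix change will presumably also break any log parser or cross-service correlation keyed on the old prefix, which deserves a release note. The enclosing function starts above the hunk, so its docstring could not be checked for a stale SHA1 mention.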