From 5fbcbfb68cc93efdcce6b5517abe8230dfd5d933 Mon Sep 17 00:00:00 2001
From: Miguel Gonzalez
Date: Tue, 16 Jan 2018 20:11:04 +0100
Subject: [PATCH] Increase entropy of tokens used for authentication
---
 taiga/users/api.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/taiga/users/api.py b/taiga/users/api.py
index 7bda81be..d6c8a7ec 100644
--- a/taiga/users/api.py
+++ b/taiga/users/api.py
@@ -134,7 +134,7 @@ class UsersViewSet(ModelCrudViewSet):
 raise exc.WrongArguments(_("Not valid email"))
 # We need to generate a token for the email
- request.user.email_token = str(uuid.uuid1())
+ request.user.email_token = str(uuid.uuid4())
 request.user.new_email = new_email
 request.user.save(update_fields=["email_token", "new_email"])
 email = mail_builder.change_email(
@@ -172,7 +172,7 @@ class UsersViewSet(ModelCrudViewSet):
 raise exc.WrongArguments(_("Invalid username or email"))
 user = get_user_by_username_or_email(username_or_email)
- user.token = str(uuid.uuid1())
+ user.token = str(uuid.uuid4())
 user.save(update_fields=["token"])
 email = mail_builder.password_recovery(user, {"user": user})
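Review bot: `str(uuid.uuid4())` at `request.user.email_token = ...`, and again at `user.token = ...` in the password-recovery hunk, still relies on a UUID generator for a secret: CPython happens to draw uuid4 from `os.urandom`, but the `uuid` module is not specified as a source of security tokens. If the supported Python is 3.6 or later, `secrets.token_urlsafe(32)` states the intent directly, e.g. `user.token = secrets.token_urlsafe(32)`; it needs `import secrets` and yields 43 characters, so check the model fields' maximum length, which is not visible here. Tokens already stored from the uuid1 generator are not touched by this change and presumably stay valid until used, so clearing outstanding `token` and `email_token` values at deploy is worth considering. Both enclosing methods start and end outside their hunks, so any expiry handling cannot be judged from this diff.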