Fix tj#15: use sha1 hashes for double signing

tenbits · Jun 25, 2014 · f1465ee · f1465ee
1 parent 1d1b25b
commit f1465ee
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/index.js b/index.js
@@ -39,5 +39,13 @@ exports.unsign = function(val, secret){
   var str = val.slice(0, val.lastIndexOf('.'))
     , mac = exports.sign(str, secret);
 
-  return exports.sign(mac, secret) == exports.sign(val, secret) ? str : false;
+  return sha1(mac) == sha1(val) ? str : false;
 };
+
+/**
+ * Private
+ */
+
+function sha1(str){
+  return crypto.createHash('sha1').update(str).digest('hex'));
+}