From f75e13f55ead56a20a6a24cf073ae223346966c9 Mon Sep 17 00:00:00 2001
From: Valentin Alexeev <valentin.alekseev@gmail.com>
Date: Tue, 10 Jan 2017 17:01:04 +0200
Subject: [PATCH] Use SHA hash to make token harder to guess (#5258)

* Use SHA hash to make token harder to guess

Use hashlib SHA256 to encode object id instead of using it directly.

* Cache access token

Instead of generating a token on the fly cache it in the constructor.

* Fix lint
---
 homeassistant/components/camera/__init__.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/homeassistant/components/camera/__init__.py b/homeassistant/components/camera/__init__.py
index 5b2aa463607..5ba68dea058 100644
--- a/homeassistant/components/camera/__init__.py
+++ b/homeassistant/components/camera/__init__.py
@@ -8,6 +8,7 @@ https://home-assistant.io/components/camera/
 import asyncio
 from datetime import timedelta
 import logging
+import hashlib
 
 from aiohttp import web
 
@@ -47,11 +48,13 @@ class Camera(Entity):
     def __init__(self):
         """Initialize a camera."""
         self.is_streaming = False
+        self._access_token = hashlib.sha256(
+            str.encode(str(id(self)))).hexdigest()
 
     @property
     def access_token(self):
         """Access token for this camera."""
-        return str(id(self))
+        return self._access_token
 
     @property
     def should_poll(self):