auth: use HMAC-SHA1 to calculate password reset token The use of standard cryptographic primitives is always preferable, and in this case allows us not to worry about length extension attacks and possibly any number of issues that I'm not presently aware of. Also fix a potential Unicode encoding problem.

.. _changelog:

=========
Changelog
=========

Kallithea project doesn't keep its changelog here.  We refer you to our `Mercurial logs`__.


.. __: https://kallithea-scm.org/repos/kallithea/changelog