Fixed #10265: fixed a bug when generating a password reset token for a user created on the same request. Thanks, crucialfelix.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10341 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-10-27 15:46:10 +00:00 · 2009-04-01 21:25:24 +00:00
parent f03f9568aa
commit 2a994716a1
2 changed files with 9 additions and 1 deletions
--- a/django/contrib/auth/tokens.py
+++ b/django/contrib/auth/tokens.py
@@ -52,7 +52,7 @@ class PasswordResetTokenGenerator(object):
        # We limit the hash to 20 chars to keep URL short
        from django.utils.hashcompat import sha_constructor
        hash = sha_constructor(settings.SECRET_KEY + unicode(user.id) +
-                               user.password + unicode(user.last_login) +
+                               user.password + user.last_login.strftime('%Y-%m-%d %H:%M:%S') +
                               unicode(timestamp)).hexdigest()[::2]
        return "%s-%s" % (ts_b36, hash)