	Refactored PasswordResetTokenGenerator to be a bit more extensible.
		
				
					committed by
					
						Tim Graham
					
				
			
			
				
	
			
			
			
						parent
						
							f5fbddf22f
						
					
				
				
					commit
					6387d9d41f
				
			| @@ -11,6 +11,8 @@ class PasswordResetTokenGenerator(object): | |||||||
|     Strategy object used to generate and check tokens for the password |     Strategy object used to generate and check tokens for the password | ||||||
|     reset mechanism. |     reset mechanism. | ||||||
|     """ |     """ | ||||||
|  |     key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator" | ||||||
|  |  | ||||||
|     def make_token(self, user): |     def make_token(self, user): | ||||||
|         """ |         """ | ||||||
|         Returns a token that can be used once to do a password reset |         Returns a token that can be used once to do a password reset | ||||||
| @@ -54,15 +56,20 @@ class PasswordResetTokenGenerator(object): | |||||||
|         # last_login will also change), we produce a hash that will be |         # last_login will also change), we produce a hash that will be | ||||||
|         # invalid as soon as it is used. |         # invalid as soon as it is used. | ||||||
|         # We limit the hash to 20 chars to keep URL short |         # We limit the hash to 20 chars to keep URL short | ||||||
|         key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator" |  | ||||||
|  |  | ||||||
|  |         hash = salted_hmac( | ||||||
|  |             self.key_salt, | ||||||
|  |             self._make_hash_value(user, timestamp), | ||||||
|  |         ).hexdigest()[::2] | ||||||
|  |         return "%s-%s" % (ts_b36, hash) | ||||||
|  |  | ||||||
|  |     def _make_hash_value(self, user, timestamp): | ||||||
|         # Ensure results are consistent across DB backends |         # Ensure results are consistent across DB backends | ||||||
|         login_timestamp = '' if user.last_login is None else user.last_login.replace(microsecond=0, tzinfo=None) |         login_timestamp = '' if user.last_login is None else user.last_login.replace(microsecond=0, tzinfo=None) | ||||||
|  |         return ( | ||||||
|         value = (six.text_type(user.pk) + user.password + |             six.text_type(user.pk) + user.password + | ||||||
|                 six.text_type(login_timestamp) + six.text_type(timestamp)) |             six.text_type(login_timestamp) + six.text_type(timestamp) | ||||||
|         hash = salted_hmac(key_salt, value).hexdigest()[::2] |         ) | ||||||
|         return "%s-%s" % (ts_b36, hash) |  | ||||||
|  |  | ||||||
|     def _num_days(self, dt): |     def _num_days(self, dt): | ||||||
|         return (dt - date(2001, 1, 1)).days |         return (dt - date(2001, 1, 1)).days | ||||||
|   | |||||||
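Review bot: The new `_make_hash_value` hook in the second hunk has no docstring, and the comment explaining why the hash becomes invalid once used stays in the calling method, which begins above the hunk, so a subclass author overriding the hook never sees the contract. I would add a docstring saying that the returned value must include the timestamp and at least one piece of user state that changes when the reset completes (here `user.password` and `user.last_login`). Without that state a token would stay acceptable after it has been used, and without the timestamp the `ts_b36` prefix would presumably no longer be covered by the HMAC; the checking code is outside the visible lines. The new class attribute could also carry a one-line comment such as `# Override key_salt in subclasses that issue tokens for another purpose.`, so that generators reused for other purposes do not share the default salt.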