Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS.

2025-10-27 23:56:08 +00:00 · 2017-05-27 16:27:13 -04:00
parent 8c45b5b903
commit 95993a89ce
3 changed files with 11 additions and 4 deletions
--- a/django/contrib/auth/tokens.py
+++ b/django/contrib/auth/tokens.py
@@ -42,7 +42,7 @@ class PasswordResetTokenGenerator:
            return False

        # Check the timestamp is within limit
-        if (self._num_days(self._today()) - ts) > settings.PASSWORD_RESET_TIMEOUT_DAYS:
+        if (self._num_days(self._today()) - ts) >= settings.PASSWORD_RESET_TIMEOUT_DAYS:
            return False

        return True