django.git/django/contrib/auth/tokens.py, branch fix-31295 django http://cgit.adnoto.dev/django.git/atom?h=fix-31295 2025-08-27T08:50:50Z Fixed #36572 -- Revert "Fixed #36546 -- Deprecated django.utils.crypto.constant_time_compare() in favor of hmac.compare_digest()." 2025-08-27T08:50:50Z Sarah Boyce 42296566+sarahboyce@users.noreply.github.com 2025-08-26T11:37:34Z urn:sha1:d0e4dd5cdd743a5c43c4ccc2c8fa29d3982eaa71 This reverts commit 0246f478882c26bc1fe293224653074cd46a90d0. Fixed #36546 -- Deprecated django.utils.crypto.constant_time_compare() in favor of hmac.compare_digest(). 2025-08-25T12:45:16Z SaJH wogur981208@gmail.com 2025-08-22T13:32:09Z urn:sha1:0246f478882c26bc1fe293224653074cd46a90d0 Signed-off-by: SaJH <wogur981208@gmail.com> Refs #33476 -- Reformatted code with Black. 2022-02-07T19:37:05Z django-bot ops@djangoproject.com 2022-02-03T19:24:19Z urn:sha1:9c19aff7c7561e3a82978a272ecdaad40dda5c00 Fixed #30360 -- Added support for secret key rotation. 2022-02-01T10:12:24Z tschilling schillingt@better-simple.com 2021-12-14T03:47:03Z urn:sha1:0dcd549bbe36c060f536ec270d34d9e7d4b8e6c7 Thanks Florian Apolloner for the implementation idea. Co-authored-by: Andreas Pelme <andreas@pelme.se> Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es> Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com> Fixed #32664 -- Made PasswordResetTokenGenerator.secret validation lazy. 2021-04-20T05:34:53Z François Freitag mail@franek.fr 2021-04-19T07:58:34Z urn:sha1:6b0b3eafd6674305f7b09dbeb1aa0d8d8bb4df57 Django apps initialization to run management command triggers the admin autodiscovery. Importing django.contrib.auth.tokens creates an instance of PasswordResetTokenGenerator which required a SECRET_KEY. For several management commands, the token generator is unused. It should only complain about a missing SECRET_KEY when it is used. Refs #31842 -- Removed DEFAULT_HASHING_ALGORITHM transitional setting. 2021-01-14T16:50:04Z Mariusz Felisiak felisiak.mariusz@gmail.com 2021-01-14T09:27:04Z urn:sha1:0aa6a602b2b1cac6fe8e55051eed493b9cea7b81 Per deprecation timeline. Refs #27468 -- Removed support for the pre-Django 3.1 password reset tokens. 2021-01-14T16:50:04Z Mariusz Felisiak felisiak.mariusz@gmail.com 2021-01-11T19:31:49Z urn:sha1:66b4046d68921edc7c83076da4aafd307f7dd19b Per deprecation timeline. Fixed #32130 -- Fixed pre-Django 3.1 password reset tokens validation. 2020-10-22T11:21:14Z Mariusz Felisiak felisiak.mariusz@gmail.com 2020-10-22T11:21:14Z urn:sha1:34180922380cf41cd684f846ecf00f92eb289bcf Thanks Gordon Wrigley for the report and implementation idea. Regression in 226ebb17290b604ef29e82fb5c1fbac3594ac163. Fixed #26615 -- Made password reset token invalidate when changing email. 2020-10-21T07:29:53Z Jacob Walls 38668450+jacobtylerwalls@users.noreply.github.com 2016-05-16T01:54:03Z urn:sha1:0362b0e986303858081f607ffad2e8e14be8775e Co-Authored-By: Silas Barta <sbarta@gmail.com> Refs #31913 -- Corrected comment in PasswordResetTokenGenerator. 2020-08-27T10:57:16Z Phil Gyford phil@gyford.com 2020-08-27T09:17:56Z urn:sha1:e02738bf55f66939be63f75d4fdcdc2ebc36e435 Follow up to da4923ea87124102aae4455e947ce24599c0365b.