diff options
| author | Matt Robenolt <matt@ydekproductions.com> | 2015-04-19 18:51:18 -0700 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2015-04-20 14:27:12 -0400 |
| commit | 6387d9d41fa9c4292a010bdae16feb349cb3c94a (patch) | |
| tree | 4d927564a0351d7660562caf1cdce0f6f1d5a2f3 | |
| parent | f5fbddf22f5e9b760e76ef35f104270026c60693 (diff) | |
Refactored PasswordResetTokenGenerator to be a bit more extensible.
| -rw-r--r-- | django/contrib/auth/tokens.py | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/django/contrib/auth/tokens.py b/django/contrib/auth/tokens.py index b925c21eff..45145ab87d 100644 --- a/django/contrib/auth/tokens.py +++ b/django/contrib/auth/tokens.py @@ -11,6 +11,8 @@ class PasswordResetTokenGenerator(object): Strategy object used to generate and check tokens for the password reset mechanism. """ + key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator" + def make_token(self, user): """ Returns a token that can be used once to do a password reset @@ -54,15 +56,20 @@ class PasswordResetTokenGenerator(object): # last_login will also change), we produce a hash that will be # invalid as soon as it is used. # We limit the hash to 20 chars to keep URL short - key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator" + hash = salted_hmac( + self.key_salt, + self._make_hash_value(user, timestamp), + ).hexdigest()[::2] + return "%s-%s" % (ts_b36, hash) + + def _make_hash_value(self, user, timestamp): # Ensure results are consistent across DB backends login_timestamp = '' if user.last_login is None else user.last_login.replace(microsecond=0, tzinfo=None) - - value = (six.text_type(user.pk) + user.password + - six.text_type(login_timestamp) + six.text_type(timestamp)) - hash = salted_hmac(key_salt, value).hexdigest()[::2] - return "%s-%s" % (ts_b36, hash) + return ( + six.text_type(user.pk) + user.password + + six.text_type(login_timestamp) + six.text_type(timestamp) + ) def _num_days(self, dt): return (dt - date(2001, 1, 1)).days |
