summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--django/contrib/auth/tokens.py6
1 files changed, 5 insertions, 1 deletions
diff --git a/django/contrib/auth/tokens.py b/django/contrib/auth/tokens.py
index a75ef61e51..fcc8c94011 100644
--- a/django/contrib/auth/tokens.py
+++ b/django/contrib/auth/tokens.py
@@ -52,8 +52,12 @@ class PasswordResetTokenGenerator(object):
# invalid as soon as it is used.
# We limit the hash to 20 chars to keep URL short
key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator"
+
+ # Ensure results are consistent across DB backends
+ login_timestamp = user.last_login.replace(microsecond=0, tzinfo=None)
+
value = (unicode(user.id) + user.password +
- unicode(user.last_login) + unicode(timestamp))
+ unicode(login_timestamp) + unicode(timestamp))
hash = salted_hmac(key_salt, value).hexdigest()[::2]
return "%s-%s" % (ts_b36, hash)