diff options
Diffstat (limited to 'django')
| -rw-r--r-- | django/contrib/auth/tokens.py | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/django/contrib/auth/tokens.py b/django/contrib/auth/tokens.py index c534f304f3..c3863d1dea 100644 --- a/django/contrib/auth/tokens.py +++ b/django/contrib/auth/tokens.py @@ -1,4 +1,4 @@ -from datetime import datetime +from datetime import datetime, time from django.conf import settings from django.utils.crypto import constant_time_compare, salted_hmac @@ -36,6 +36,8 @@ class PasswordResetTokenGenerator: # Parse the token try: ts_b36, _ = token.split("-") + # RemovedInDjango40Warning. + legacy_token = len(ts_b36) < 4 except ValueError: return False @@ -55,8 +57,14 @@ class PasswordResetTokenGenerator: ): return False + # RemovedInDjango40Warning: convert days to seconds and round to + # midnight (server time) for pre-Django 3.1 tokens. + now = self._now() + if legacy_token: + ts *= 24 * 60 * 60 + ts += int((now - datetime.combine(now.date(), time.min)).total_seconds()) # Check the timestamp is within limit. - if (self._num_seconds(self._now()) - ts) > settings.PASSWORD_RESET_TIMEOUT: + if (self._num_seconds(now) - ts) > settings.PASSWORD_RESET_TIMEOUT: return False return True |
