summaryrefslogtreecommitdiff
path: root/django
diff options
context:
space:
mode:
Diffstat (limited to 'django')
-rw-r--r--django/contrib/auth/tokens.py12
1 files changed, 10 insertions, 2 deletions
diff --git a/django/contrib/auth/tokens.py b/django/contrib/auth/tokens.py
index c534f304f3..c3863d1dea 100644
--- a/django/contrib/auth/tokens.py
+++ b/django/contrib/auth/tokens.py
@@ -1,4 +1,4 @@
-from datetime import datetime
+from datetime import datetime, time
from django.conf import settings
from django.utils.crypto import constant_time_compare, salted_hmac
@@ -36,6 +36,8 @@ class PasswordResetTokenGenerator:
# Parse the token
try:
ts_b36, _ = token.split("-")
+ # RemovedInDjango40Warning.
+ legacy_token = len(ts_b36) < 4
except ValueError:
return False
@@ -55,8 +57,14 @@ class PasswordResetTokenGenerator:
):
return False
+ # RemovedInDjango40Warning: convert days to seconds and round to
+ # midnight (server time) for pre-Django 3.1 tokens.
+ now = self._now()
+ if legacy_token:
+ ts *= 24 * 60 * 60
+ ts += int((now - datetime.combine(now.date(), time.min)).total_seconds())
# Check the timestamp is within limit.
- if (self._num_seconds(self._now()) - ts) > settings.PASSWORD_RESET_TIMEOUT:
+ if (self._num_seconds(now) - ts) > settings.PASSWORD_RESET_TIMEOUT:
return False
return True