| author | Tim Graham <timograham@gmail.com> | 2017-09-25 08:51:02 -0400 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2017-09-25 09:06:32 -0400 |
| commit | e241b4e7970e45c21d14df30ce9f6f02b9b7cdce (patch) | |
| tree | d1f1f14d8e5b2a6e0cd33d782b058f7a4f67e4cb | |
| parent | d68744f6adfb294fa124d2550e03775748fe8b91 (diff) | |
[2.0.x] Reverted "Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS."
This reverts commit 95993a89ce6ca5f5e26b1c22b65c57dcb8c005e9.
Backport of 67a6ba391bbcf1a4c6bb0c42cb17e4fc0530f6d2 from master
| -rw-r--r-- | django/contrib/auth/tokens.py | 2 | ||||
| -rw-r--r-- | docs/releases/2.0.txt | 6 | ||||
| -rw-r--r-- | tests/auth_tests/test_tokens.py | 6 |
3 files changed, 3 insertions, 11 deletions
diff --git a/django/contrib/auth/tokens.py b/django/contrib/auth/tokens.py
index f4ed175e44..eefa00c330 100644
--- a/django/contrib/auth/tokens.py
+++ b/django/contrib/auth/tokens.py
@@ -42,7 +42,7 @@ class PasswordResetTokenGenerator:
 return False
 # Check the timestamp is within limit
- if (self._num_days(self._today()) - ts) >= settings.PASSWORD_RESET_TIMEOUT_DAYS:
+ if (self._num_days(self._today()) - ts) > settings.PASSWORD_RESET_TIMEOUT_DAYS:
 return False
 return True
diff --git a/docs/releases/2.0.txt b/docs/releases/2.0.txt
index 851067e818..6a06929275 100644
--- a/docs/releases/2.0.txt
+++ b/docs/releases/2.0.txt
@@ -566,12 +566,6 @@ Miscellaneous
 connection, those queries could be included as part of the
 ``assertNumQueries()`` count.
-* The ``PASSWORD_RESET_TIMEOUT_DAYS`` setting is more properly respected in
- ``contrib.auth`` password reset. Previously, resets were allowed for one day
- longer than expected. For example, with the default of
- ``PASSWORD_RESET_TIMEOUT_DAYS = 3``, password reset tokens are now valid for
- 72 hours rather than 96 hours.
-
 * The default size of the Oracle test tablespace is increased from 20M to 50M
 and the default autoextend size is increased from 10M to 25M.
diff --git a/tests/auth_tests/test_tokens.py b/tests/auth_tests/test_tokens.py
index 0bc5b07599..ede7b007fa 100644
--- a/tests/auth_tests/test_tokens.py
+++ b/tests/auth_tests/test_tokens.py
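Review bot: The restored `>` comparison in the tokens.py hunk accepts a token on day `ts + PASSWORD_RESET_TIMEOUT_DAYS` itself, and nothing at the check records that this is intended. Because both sides are whole-day counts from `_num_days`, a reset link can stay valid for up to one day longer than the setting. The release note removed in this same commit gives the example of 96 rather than 72 hours for the default of 3. I would add a comment above the check such as `# Day-granular and inclusive: a token is accepted through day ts + PASSWORD_RESET_TIMEOUT_DAYS, i.e. up to one day past the setting.` so the longer exposure window of a leaked reset link is visible to anyone tuning the setting. The body of `check_token` starts outside the hunk, so any earlier handling of `ts` is not visible here.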
@@ -43,12 +43,10 @@ class TokenGeneratorTest(TestCase):
 user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')
 p0 = PasswordResetTokenGenerator()
 tk1 = p0.make_token(user)
- p1 = Mocked(date.today() + timedelta(days=settings.PASSWORD_RESET_TIMEOUT_DAYS, seconds=-1))
+ p1 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS))
 self.assertTrue(p1.check_token(user, tk1))
- p2 = Mocked(date.today() + timedelta(days=settings.PASSWORD_RESET_TIMEOUT_DAYS))
+ p2 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1))
 self.assertFalse(p2.check_token(user, tk1))
- p3 = Mocked(date.today() + timedelta(days=settings.PASSWORD_RESET_TIMEOUT_DAYS, seconds=1))
- self.assertFalse(p3.check_token(user, tk1))
 def test_check_token_with_nonexistent_token_and_user(self):
 user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw') |
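Review bot: The boundary assertion on `p1` can fail if the test runs across midnight, because `tk1` is minted by `p0` (presumably using the real clock) while `p1` and `p2` each call `date.today()` again. If the date rolls over between `make_token` and the `p1` line, the difference becomes `PASSWORD_RESET_TIMEOUT_DAYS + 1` and `assertTrue` fails. Binding the date once and minting with the same clock removes the race: `today = date.today()`, `p0 = Mocked(today)`, then `Mocked(today + timedelta(...))` for `p1` and `p2`. A one-line comment saying the expiry day itself is still accepted would also make clear what the test pins. The test method's signature and the `Mocked` class are outside the hunk, so this assumes `Mocked` only overrides `_today()`.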
