Refs #27468 -- Made PasswordResetTokenGenerator use SHA-256 algorithm.

author: Claude Paroz <claude@2xlibre.net> 2020-01-17 10:09:55 +0100
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2020-02-12 21:46:56 +0100
commit: da4923ea87124102aae4455e947ce24599c0365b (patch)
tree: c2bb4329144e9a384b3b671095c1c7a1bbcac2cb /tests/auth_tests
parent: 27f67317da73f97fbe61444d5a3633584fc4f644 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/tests/auth_tests/test_tokens.py b/tests/auth_tests/test_tokens.py
index 937fb7f598..5ac242db29 100644
--- a/tests/auth_tests/test_tokens.py
+++ b/tests/auth_tests/test_tokens.py
@@ -86,3 +86,14 @@ class TokenGeneratorTest(TestCase):
         # Tokens created with a different secret don't validate.
         self.assertIs(p0.check_token(user, tk1), False)
         self.assertIs(p1.check_token(user, tk0), False)
+
+    def test_legacy_token_validation(self):
+        # RemovedInDjango40Warning: pre-Django 3.1 tokens will be invalid.
+        user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')
+        p_old_generator = PasswordResetTokenGenerator()
+        p_old_generator.algorithm = 'sha1'
+        p_new_generator = PasswordResetTokenGenerator()
+
+        legacy_token = p_old_generator.make_token(user)
+        self.assertIs(p_old_generator.check_token(user, legacy_token), True)
+        self.assertIs(p_new_generator.check_token(user, legacy_token), True)
author	Claude Paroz <claude@2xlibre.net>	2020-01-17 10:09:55 +0100
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2020-02-12 21:46:56 +0100
commit	da4923ea87124102aae4455e947ce24599c0365b (patch)
tree	c2bb4329144e9a384b3b671095c1c7a1bbcac2cb /tests/auth_tests
parent	27f67317da73f97fbe61444d5a3633584fc4f644 (diff)