MCPcopy
hub / github.com/django/django / PasswordResetTokenGenerator

Class PasswordResetTokenGenerator

django/contrib/auth/tokens.py:8–129  ·  view source on GitHub ↗

Strategy object used to generate and check tokens for the password reset mechanism.

Source from the content-addressed store, hash-verified

6
7
8class PasswordResetTokenGenerator:
9 """
10 Strategy object used to generate and check tokens for the password
11 reset mechanism.
12 """
13
14 key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator"
15 algorithm = None
16 _secret = None
17 _secret_fallbacks = None
18
19 def __init__(self):
20 self.algorithm = self.algorithm or "sha256"
21
22 def _get_secret(self):
23 return self._secret or settings.SECRET_KEY
24
25 def _set_secret(self, secret):
26 self._secret = secret
27
28 secret = property(_get_secret, _set_secret)
29
30 def _get_fallbacks(self):
31 if self._secret_fallbacks is None:
32 return settings.SECRET_KEY_FALLBACKS
33 return self._secret_fallbacks
34
35 def _set_fallbacks(self, fallbacks):
36 self._secret_fallbacks = fallbacks
37
38 secret_fallbacks = property(_get_fallbacks, _set_fallbacks)
39
40 def make_token(self, user):
41 """
42 Return a token that can be used once to do a password reset
43 for the given user.
44 """
45 return self._make_token_with_timestamp(
46 user,
47 self._num_seconds(self._now()),
48 self.secret,
49 )
50
51 def check_token(self, user, token):
52 """
53 Check that a password reset token is correct for a given user.
54 """
55 if not (user and token):
56 return False
57 # Parse the token
58 try:
59 ts_b36, _ = token.split("-")
60 except ValueError:
61 return False
62
63 try:
64 ts = base36_to_int(ts_b36)
65 except ValueError:

Calls

no outgoing calls