Strategy object used to generate and check tokens for the password reset mechanism.
| 6 | |
| 7 | |
| 8 | class PasswordResetTokenGenerator: |
| 9 | """ |
| 10 | Strategy object used to generate and check tokens for the password |
| 11 | reset mechanism. |
| 12 | """ |
| 13 | |
| 14 | key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator" |
| 15 | algorithm = None |
| 16 | _secret = None |
| 17 | _secret_fallbacks = None |
| 18 | |
| 19 | def __init__(self): |
| 20 | self.algorithm = self.algorithm or "sha256" |
| 21 | |
| 22 | def _get_secret(self): |
| 23 | return self._secret or settings.SECRET_KEY |
| 24 | |
| 25 | def _set_secret(self, secret): |
| 26 | self._secret = secret |
| 27 | |
| 28 | secret = property(_get_secret, _set_secret) |
| 29 | |
| 30 | def _get_fallbacks(self): |
| 31 | if self._secret_fallbacks is None: |
| 32 | return settings.SECRET_KEY_FALLBACKS |
| 33 | return self._secret_fallbacks |
| 34 | |
| 35 | def _set_fallbacks(self, fallbacks): |
| 36 | self._secret_fallbacks = fallbacks |
| 37 | |
| 38 | secret_fallbacks = property(_get_fallbacks, _set_fallbacks) |
| 39 | |
| 40 | def make_token(self, user): |
| 41 | """ |
| 42 | Return a token that can be used once to do a password reset |
| 43 | for the given user. |
| 44 | """ |
| 45 | return self._make_token_with_timestamp( |
| 46 | user, |
| 47 | self._num_seconds(self._now()), |
| 48 | self.secret, |
| 49 | ) |
| 50 | |
| 51 | def check_token(self, user, token): |
| 52 | """ |
| 53 | Check that a password reset token is correct for a given user. |
| 54 | """ |
| 55 | if not (user and token): |
| 56 | return False |
| 57 | # Parse the token |
| 58 | try: |
| 59 | ts_b36, _ = token.split("-") |
| 60 | except ValueError: |
| 61 | return False |
| 62 | |
| 63 | try: |
| 64 | ts = base36_to_int(ts_b36) |
| 65 | except ValueError: |
no outgoing calls