heuzef
/
ecomonde
1
0
Fork 0
Code Releases 0 Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
91 Commits
2 Branches
122 MiB
 
 
 
 
Tree: e02ecc61db
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e02ecc61db'
${ noResults }
ecomonde/ecomonde-venv/lib/python3.4/site-packages/django/contrib/auth/tokens.py

82 lines
2.7 KiB
Raw Blame History 

  1. from datetime import date

  2. 

  3. from django.conf import settings

  4. from django.utils import six

  5. from django.utils.crypto import constant_time_compare, salted_hmac

  6. from django.utils.http import base36_to_int, int_to_base36

  7. 

  8. 

  9. class PasswordResetTokenGenerator(object):

  10.     """

  11.     Strategy object used to generate and check tokens for the password

  12.     reset mechanism.

  13.     """

  14.     key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator"

  15. 

  16.     def make_token(self, user):

  17.         """

  18.         Returns a token that can be used once to do a password reset

  19.         for the given user.

  20.         """

  21.         return self._make_token_with_timestamp(user, self._num_days(self._today()))

  22. 

  23.     def check_token(self, user, token):

  24.         """

  25.         Check that a password reset token is correct for a given user.

  26.         """

  27.         # Parse the token

  28.         try:

  29.             ts_b36, hash = token.split("-")

  30.         except ValueError:

  31.             return False

  32. 

  33.         try:

  34.             ts = base36_to_int(ts_b36)

  35.         except ValueError:

  36.             return False

  37. 

  38.         # Check that the timestamp/uid has not been tampered with

  39.         if not constant_time_compare(self._make_token_with_timestamp(user, ts), token):

  40.             return False

  41. 

  42.         # Check the timestamp is within limit

  43.         if (self._num_days(self._today()) - ts) > settings.PASSWORD_RESET_TIMEOUT_DAYS:

  44.             return False

  45. 

  46.         return True

  47. 

  48.     def _make_token_with_timestamp(self, user, timestamp):

  49.         # timestamp is number of days since 2001-1-1.  Converted to

  50.         # base 36, this gives us a 3 digit string until about 2121

  51.         ts_b36 = int_to_base36(timestamp)

  52. 

  53.         # By hashing on the internal state of the user and using state

  54.         # that is sure to change (the password salt will change as soon as

  55.         # the password is set, at least for current Django auth, and

  56.         # last_login will also change), we produce a hash that will be

  57.         # invalid as soon as it is used.

  58.         # We limit the hash to 20 chars to keep URL short

  59. 

  60.         hash = salted_hmac(

  61.             self.key_salt,

  62.             self._make_hash_value(user, timestamp),

  63.         ).hexdigest()[::2]

  64.         return "%s-%s" % (ts_b36, hash)

  65. 

  66.     def _make_hash_value(self, user, timestamp):

  67.         # Ensure results are consistent across DB backends

  68.         login_timestamp = '' if user.last_login is None else user.last_login.replace(microsecond=0, tzinfo=None)

  69.         return (

  70.             six.text_type(user.pk) + user.password +

  71.             six.text_type(login_timestamp) + six.text_type(timestamp)

  72.         )

  73. 

  74.     def _num_days(self, dt):

  75.         return (dt - date(2001, 1, 1)).days

  76. 

  77.     def _today(self):

  78.         # Used for mocking in tests

  79.         return date.today()

  80. 

  81. default_token_generator = PasswordResetTokenGenerator()