id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
34876	Allow password reset token generator to configure timeouts	Jake Howard	nobody	"Currently, `django.contrib.auth.tokens.PasswordResetTokenGenerator` uses `settings.PASSWORD_RESET_TIMEOUT` for the timeout value for a token.

In much the same way as the secret key(s) and hash algorithm used are configurable through instance attributes, it'd be very convenient if the timeout was too (defaulting to `settings.PASSWORD_RESET_TIMEOUT`, of course). The token generator is a generic and useful token generator, and it can be helpful to use elsewhere. This is the only piece of configuration tied to password reset which isn't easily reconfigured.

A potential extension might be to pass the user into the getter for the token generator, allowing the timeout to be configured on a per-user basis (eg require admins to use the link sooner). A very niche feature, but trivial to implement during this refactor."	Cleanup/optimization	closed	contrib.auth	4.2	Normal	duplicate			Unreviewed	0	0	0	0	0	0