Ticket #16385: c9f97bd7397a39ebcb9f8831b28d5ab3b4e57038.diff

File c9f97bd7397a39ebcb9f8831b28d5ab3b4e57038.diff, 7.0 KB (added by jonash, 4 years ago)

Auth password reset string pk

  • django/contrib/admin/templates/registration/password_reset_email.html

    commit c9f97bd7397a39ebcb9f8831b28d5ab3b4e57038
    Author: Jonas Haag <jonas@lophus.org>
    Date:   Tue Jun 28 15:55:54 2011 +0200
    
        auth password reset
    
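--- a/django/contrib/admin/templates/registration/password_reset_email.html
+++ b/django/contrib/admin/templates/registration/password_reset_email.html
@@ -3,7 +3,7 @@
 
 {% trans "Please go to the following page and choose a new password:" %}
 {% block reset_link %}
-{{ protocol }}://{{ domain }}{% url 'django.contrib.auth.views.password_reset_confirm' uidb36=uid token=token %}
+{{ protocol }}://{{ domain }}{% url 'django.contrib.auth.views.password_reset_confirm' uidb64=uid token=token %}
 {% endblock %}
 {% trans "Your username, in case you've forgotten:" %} {{ user.username }}
 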
  • django/contrib/auth/forms.py

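--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -5,7 +5,7 @@ from django.contrib.sites.models import get_current_site
 from django.template import Context, loader
 from django import forms
 from django.utils.translation import ugettext_lazy as _
-from django.utils.http import int_to_base36
+from django.utils.http import urlsafe_base64_encode
 
 class UserCreationForm(forms.ModelForm):
     """
@@ -138,7 +138,7 @@ class PasswordResetForm(forms.Form):
                 'email': user.email,
                 'domain': domain,
                 'site_name': site_name,
-                'uid': int_to_base36(user.id),
+                'uid': urlsafe_base64_encode(str(user.id)),
                 'user': user,
                 'token': token_generator.make_token(user),
                 'protocol': use_https and 'https' or 'http',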
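Review bot: `urlsafe_base64_encode(str(user.id))` on the new line 141 raises UnicodeEncodeError for a unicode primary key that contains non-ASCII characters, which is precisely the string-pk case this ticket sets out to support; `str()` only works while the pk is an int or ASCII. `django.utils.encoding.smart_str` (imported by django/utils/http.py in this same patch) handles both, and `user.pk` names the primary key without assuming the column is called `id`, so the line could read `'uid': urlsafe_base64_encode(smart_str(user.pk)),` with the matching import added to forms.py. The enclosing method of PasswordResetForm starts and ends outside this hunk.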
  • django/contrib/auth/tests/templates/registration/password_reset_email.html

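--- a/django/contrib/auth/tests/templates/registration/password_reset_email.html
+++ b/django/contrib/auth/tests/templates/registration/password_reset_email.html
@@ -1 +1 @@
-{{ protocol }}://{{ domain }}/reset/{{ uid }}-{{ token }}/
\ No newline at end of file
+{{ protocol }}://{{ domain }}/reset/{{ uid }}/{{ token }}/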
  • django/contrib/auth/tests/views.py

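--- a/django/contrib/auth/tests/views.py
+++ b/django/contrib/auth/tests/views.py
@@ -100,13 +100,13 @@ class PasswordResetTest(AuthViewsTestCase):
 
     def test_confirm_invalid_user(self):
         # Ensure that we get a 200 response for a non-existant user, not a 404
-        response = self.client.get('/reset/123456-1-1/')
+        response = self.client.get('/reset/123456/1-1/')
         self.assertEqual(response.status_code, 200)
         self.assertTrue("The password reset link was invalid" in response.content)
 
     def test_confirm_overflow_user(self):
         # Ensure that we get a 200 response for a base36 user id that overflows int
-        response = self.client.get('/reset/zzzzzzzzzzzzz-1-1/')
+        response = self.client.get('/reset/zzzzzzzzzzzzz/1-1/')
         self.assertEqual(response.status_code, 200)
         self.assertTrue("The password reset link was invalid" in response.content)
 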
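Review bot: The comment on `test_confirm_overflow_user` still says "a base36 user id that overflows int", but after this change `zzzzzzzzzzzzz` is handed to urlsafe_base64_decode and rejected there (or by the integer conversion of the lookup), so the comment no longer describes what the test checks; suggest `# Ensure that we get a 200 response for a uid that does not decode to a valid user id`. Neither test covers the happy path of the new encoding: a link produced by PasswordResetForm for a real user, decoded by the view, is the round trip the new `TypeError` handling in views.py and the unbounded `uidb64` URL group rely on, and a test that follows such a link would exercise the actual change. The PasswordResetTest class starts before and continues after this hunk.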
  • django/contrib/auth/urls.py

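--- a/django/contrib/auth/urls.py
+++ b/django/contrib/auth/urls.py
@@ -11,7 +11,7 @@ urlpatterns = patterns('',
     (r'^password_change/done/$', 'django.contrib.auth.views.password_change_done'),
     (r'^password_reset/$', 'django.contrib.auth.views.password_reset'),
     (r'^password_reset/done/$', 'django.contrib.auth.views.password_reset_done'),
-    (r'^reset/(?P<uidb36>[0-9A-Za-z]{1,13})-(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$', 'django.contrib.auth.views.password_reset_confirm'),
+    (r'^reset/(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$', 'django.contrib.auth.views.password_reset_confirm'),
     (r'^reset/done/$', 'django.contrib.auth.views.password_reset_complete'),
 )
 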
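Review bot: The new `uidb64` group `[0-9A-Za-z_\-]+` carries no length limit, while the group it replaces was capped at 13 characters and the `token` group on the same line is still capped; every request matching this pattern now reaches urlsafe_base64_decode and a `User.objects.get` with a value of whatever length the client chooses. The view catches TypeError and ValueError, so this is a robustness rather than an authorization concern, but an upper bound sized to the longest encoded primary key the project supports, e.g. `(?P<uidb64>[0-9A-Za-z_\-]{1,MAX_UID_LEN})` with `MAX_UID_LEN` as a placeholder to be chosen, keeps oversized input from reaching the decoder and the database at all. The `urlpatterns` tuple starts before this hunk.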
  • django/contrib/auth/views.py

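--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -5,7 +5,7 @@ from django.core.urlresolvers import reverse
 from django.http import HttpResponseRedirect, QueryDict
 from django.shortcuts import render_to_response
 from django.template import RequestContext
-from django.utils.http import base36_to_int
+from django.utils.http import urlsafe_base64_decode
 from django.utils.translation import ugettext as _
 from django.views.decorators.cache import never_cache
 from django.views.decorators.csrf import csrf_protect
@@ -173,7 +173,7 @@ def password_reset_done(request,
 
 # Doesn't need csrf_protect since no-one can guess the URL
 @never_cache
-def password_reset_confirm(request, uidb36=None, token=None,
+def password_reset_confirm(request, uidb64=None, token=None,
                            template_name='registration/password_reset_confirm.html',
                            token_generator=default_token_generator,
                            set_password_form=SetPasswordForm,
@@ -183,13 +183,13 @@ def password_reset_confirm(request, uidb36=None, token=None,
     View that checks the hash in a password reset link and presents a
     form for entering a new password.
     """
-    assert uidb36 is not None and token is not None # checked by URLconf
+    assert uidb64 is not None and token is not None # checked by URLconf
     if post_reset_redirect is None:
         post_reset_redirect = reverse('django.contrib.auth.views.password_reset_complete')
     try:
-        uid_int = base36_to_int(uidb36)
-        user = User.objects.get(id=uid_int)
-    except (ValueError, User.DoesNotExist):
+        uid = urlsafe_base64_decode(str(uidb64))
+        user = User.objects.get(id=uid)
+    except (TypeError, ValueError, User.DoesNotExist):
         user = None
 
     if user is not None and token_generator.check_token(user, token):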
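Review bot: Renaming the keyword argument from `uidb36` to `uidb64` on the new line 176 is a backwards-incompatible change: any third-party URLconf or `{% url %}` tag that passes `uidb36=` now fails with a TypeError, and every reset link already e-mailed in the base36 format stops resolving once the URL pattern changes, which locks those users out of the reset flow until they request a new one. Keeping `uidb36=None` as a deprecated alias decoded with `base36_to_int` (whose import the first hunk removes, so it would have to stay) lets old links and callers keep working through a deprecation period. The signature continues past line 179 and the body past line 195, so the sketch below shows only the lines that change.
```python
def password_reset_confirm(request, uidb64=None, token=None,
                           # … unchanged: template_name, token_generator, set_password_form and remaining arguments …
                           uidb36=None):
    # … unchanged: docstring and post_reset_redirect default …
    assert (uidb64 is not None or uidb36 is not None) and token is not None # checked by URLconf
    try:
        if uidb64 is not None:
            uid = urlsafe_base64_decode(str(uidb64))
        else:
            # Legacy base36 links and callers; deprecated alias, remove after the deprecation period.
            uid = base36_to_int(uidb36)
        user = User.objects.get(id=uid)
    except (TypeError, ValueError, User.DoesNotExist):
        user = None
```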
  • django/utils/http.py

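--- a/django/utils/http.py
+++ b/django/utils/http.py
@@ -1,9 +1,11 @@
+import base64
 import calendar
 import datetime
 import re
 import sys
 import urllib
 import urlparse
+from binascii import Error as BinasciiError
 from email.Utils import formatdate
 
 from django.utils.encoding import smart_str, force_unicode
@@ -168,6 +170,16 @@ def int_to_base36(i):
         factor -= 1
     return ''.join(base36)
 
+def urlsafe_base64_encode(s):
+    return base64.urlsafe_b64encode(s).rstrip('\n=')
+
+def urlsafe_base64_decode(s):
+    assert isinstance(s, str)
+    try:
+        return base64.urlsafe_b64decode(s.ljust(len(s) + len(s) % 4, '='))
+    except (LookupError, BinasciiError), e:
+        raise ValueError(e)
+
 def parse_etags(etag_str):
     """
     Parses a string with one or several etags passed in If-None-Match and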
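Review bot: The padding restored in `urlsafe_base64_decode` is miscomputed: `s.ljust(len(s) + len(s) % 4, '=')` appends three `=` when `len(s) % 4 == 3`, giving a total length that is still not a multiple of four; Python 2's binascii appears to tolerate surplus padding, which is presumably why the tests pass, but `s + '=' * (-len(s) % 4)` is the correct form and also survives a move to Python 3. The `assert isinstance(s, str)` guard disappears under `python -O`, after which a `unicode` value reaches b64decode unchecked, so an explicit TypeError keeps the contract (the caller in views.py already catches TypeError). Both new functions also lack docstrings; the sketch below adds them together with the two fixes.
```python
def urlsafe_base64_encode(s):
    """
    Encodes a bytestring as URL-safe base64 with the trailing '=' padding removed.
    """
    return base64.urlsafe_b64encode(s).rstrip('\n=')

def urlsafe_base64_decode(s):
    """
    Decodes a bytestring produced by urlsafe_base64_encode, restoring the padding.
    Raises TypeError for a non-bytestring and ValueError for undecodable input.
    """
    if not isinstance(s, str):
        raise TypeError("expected a bytestring, got %r" % type(s))
    try:
        return base64.urlsafe_b64decode(s + '=' * (-len(s) % 4))
    except (LookupError, BinasciiError), e:
        raise ValueError(e)
```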