diff --git a/django/contrib/auth/utils.py b/django/contrib/auth/utils.py
new file mode 100644
index 0000000..93e044a
-
|
+
|
|
| 1 | from django.contrib.auth.models import User |
| 2 | from django.contrib.auth.tokens import default_token_generator |
| 3 | from django.utils.http import base36_to_int |
| 4 | |
| 5 | def confirm_password_reset(uidb36, token, token_generator=default_token_generator): |
| 6 | try: |
| 7 | uid_int = base36_to_int(uidb36) |
| 8 | user = User.objects.get(id=uid_int) |
| 9 | except (ValueError, User.DoesNotExist): |
| 10 | user = None |
| 11 | |
| 12 | return user, token_generator.check_token(user, token) if user else False |
| 13 | |
diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
index eba83a2..00a176b 100644
a
|
b
|
from django.core.urlresolvers import reverse
|
5 | 5 | from django.http import HttpResponseRedirect, QueryDict |
6 | 6 | from django.shortcuts import render_to_response |
7 | 7 | from django.template import RequestContext |
8 | | from django.utils.http import base36_to_int |
9 | 8 | from django.utils.translation import ugettext as _ |
10 | 9 | from django.views.decorators.cache import never_cache |
11 | 10 | from django.views.decorators.csrf import csrf_protect |
… |
… |
from django.views.decorators.csrf import csrf_protect
|
14 | 13 | from django.contrib.auth import REDIRECT_FIELD_NAME, login as auth_login, logout as auth_logout |
15 | 14 | from django.contrib.auth.decorators import login_required |
16 | 15 | from django.contrib.auth.forms import AuthenticationForm, PasswordResetForm, SetPasswordForm, PasswordChangeForm |
17 | | from django.contrib.auth.models import User |
18 | 16 | from django.contrib.auth.tokens import default_token_generator |
| 17 | from django.contrib.auth.utils import confirm_password_reset |
19 | 18 | from django.contrib.sites.models import get_current_site |
20 | 19 | |
21 | 20 | |
… |
… |
def password_reset_confirm(request, uidb36=None, token=None,
|
186 | 185 | assert uidb36 is not None and token is not None # checked by URLconf |
187 | 186 | if post_reset_redirect is None: |
188 | 187 | post_reset_redirect = reverse('django.contrib.auth.views.password_reset_complete') |
189 | | try: |
190 | | uid_int = base36_to_int(uidb36) |
191 | | user = User.objects.get(id=uid_int) |
192 | | except (ValueError, User.DoesNotExist): |
193 | | user = None |
194 | | |
195 | | if user is not None and token_generator.check_token(user, token): |
196 | | validlink = True |
| 188 | user, validlink = confirm_password_reset(uidb36, token, token_generator=token_generator) |
| 189 | |
| 190 | if user is not None and validlink: |
197 | 191 | if request.method == 'POST': |
198 | 192 | form = set_password_form(user, request.POST) |
199 | 193 | if form.is_valid(): |
… |
… |
def password_reset_confirm(request, uidb36=None, token=None,
|
202 | 196 | else: |
203 | 197 | form = set_password_form(None) |
204 | 198 | else: |
205 | | validlink = False |
206 | 199 | form = None |
207 | 200 | context = { |
208 | 201 | 'form': form, |