_make_token_with_timestamp inconsistent based on User.last_login

[felix]

default token generator makes inconsistent tokens depending on if the user has been loaded from the db or has just been created during this response

the difference is that a User just created has a last_login with microseconds set, but when reloaded from the db it does not and the token generator uses unicode(user.last_login) in the hash

>>> from django.contrib.auth.models import User
>>> u1 = User.objects.create_user("username","user@email.com","password")
>>> u1.last_login
datetime.datetime(2009, 2, 14, 16, 5, 3, 638275)
>>> unicode(u1.last_login)
u'2009-02-14 16:05:03.638275'

>>> u2 = User.objects.all()[0]
>>> u2
<User: crucial>
>>> u2.last_login
datetime.datetime(2009, 2, 14, 15, 47, 20)
>>> unicode(u2.last_login)
u'2009-02-14 15:47:20'

(as an aside, I don't think that a user should be created with a last login of now.
a new user has never logged in.)

# user just made, generate token:
making token 3 2009-02-14 16:24:33.632380 2966
2ae-c3c68b86d5148e768353

# user comes to site, token fails equality test in check_token
making token 3 2009-02-14 16:24:33 2966
2ae-e8d746b5603f6fae0fd5

the fix is to explicitly format user.last_login without microsecond

this fix should not break any currently generated tokens out there in email land

[Alex Gaynor]

Please use the preview button :)

[Jacob]

(In [10341]) Fixed #10265: fixed a bug when generating a password reset token for a user created on the same request. Thanks, crucialfelix.

[Jacob]

Milestone 1.1 deleted