#19871 closed New feature (wontfix)

Extend ResetPasswordTokenGenerator to handle arbitraty tokens

Reported by: cgenie@… Owned by: nobody
Component: Uncategorized Version: 1.4
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


The django.contrib.auth.tokens.ResetPasswordTokenGenerator is a useful class, but suitable only for doing one thing. It would be nice to extend it to support generating tokens for other events, like for example customer creation.
Here's the diff on

< class PasswordResetTokenGenerator(object):
> class AbstractTokenGenerator(object):
<         key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator"
>         key_salt = '%s.%s' % (self.__class__.__module__, self.__class__.__name__)
> class PasswordResetTokenGenerator(AbstractTokenGenerator):
>     pass

The ResetPasswordToken returns the same value for old and new version of code.

Attachments (0)

Change History (1)

comment:1 Changed 14 months ago by carljm

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to wontfix
  • Status changed from new to closed

Thanks for the report! I don't think the proposed patch makes sense; the specific user data that is hashed in _make_token_with_timestamp is sensible for the password-reset (as outlined in the comment) but not necessarily for some other use; just changing the key salt doesn't magically make this a one-size-fits-all token generator. If you want to reuse some of this code, you can subclass and override the _make_token_with_timestamp method, and you probably should be doing that anyway.

Add Comment

Modify Ticket

Change Properties
<Author field>
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.