Opened 11 years ago
Closed 11 years ago
#19871 closed New feature (wontfix)
Extend ResetPasswordTokenGenerator to handle arbitraty tokens
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | Uncategorized | Version: | 1.4 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The django.contrib.auth.tokens.ResetPasswordTokenGenerator is a useful class, but suitable only for doing one thing. It would be nice to extend it to support generating tokens for other events, like for example customer creation.
Here's the diff on tokens.py:
6c6 < class PasswordResetTokenGenerator(object): --- > class AbstractTokenGenerator(object): 54c54 < key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator" --- > key_salt = '%s.%s' % (self.__class__.__module__, self.__class__.__name__) 69a70,73 > > > class PasswordResetTokenGenerator(AbstractTokenGenerator): > pass
The ResetPasswordToken returns the same value for old and new version of code.
Note:
See TracTickets
for help on using tickets.
Thanks for the report! I don't think the proposed patch makes sense; the specific user data that is hashed in
_make_token_with_timestampis sensible for the password-reset (as outlined in the comment) but not necessarily for some other use; just changing the key salt doesn't magically make this a one-size-fits-all token generator. If you want to reuse some of this code, you can subclass and override the_make_token_with_timestampmethod, and you probably should be doing that anyway.