#30423 closed New feature (wontfix)
Make PasswordResetTokenGenerator's timeout extendable.
Reported by: | Antoine Humeau | Owned by: | Antoine Humeau |
---|---|---|---|
Component: | Uncategorized | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
The goal of this ticket is to make the password token generator's timeout extendable in the same way that ticket #28017 made the secret extendable.
My usecase is using the token generator to build one time login links with timeouts different from the password reset process's timeout.
Change History (4)
comment:1 by , 6 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 6 years ago
Has patch: | set |
---|
comment:3 by , 6 years ago
Resolution: | → wontfix |
---|---|
Status: | assigned → closed |
Summary: | Make PasswordResetTokenGenerator's timeout extendable → Make PasswordResetTokenGenerator's timeout extendable. |
Version: | 2.2 → master |
Thanks for the ticket, however PasswordResetTokenGenerator
is not a universal token generator. I wouldn't use it for other tokens. You can use TimestampSigner
to create one time login links (see Cryptographic signing) or subclass PasswordResetTokenGenerator
(probably you should override also _make_hash_value()
).
Related with #19871.
comment:4 by , 4 years ago
The issue this PR tried to fix was the difficult to subclass PasswordResetTokenGenerator
with custom timeout to support the solution suggested by @felixxm.
Pull request: https://github.com/django/django/pull/11302