Opened 6 years ago

Closed 6 years ago

Last modified 5 years ago

#30423 closed New feature (wontfix)

Make PasswordResetTokenGenerator's timeout extendable.

Reported by: Antoine Humeau Owned by: Antoine Humeau
Component: Uncategorized Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no
Pull Requests:11302 unmerged

Description

The goal of this ticket is to make the password token generator's timeout extendable in the same way that ticket #28017 made the secret extendable.

My usecase is using the token generator to build one time login links with timeouts different from the password reset process's timeout.

Change History (4)

comment:1 by Antoine Humeau, 6 years ago

Owner: changed from nobody to Antoine Humeau
Status: newassigned

comment:2 by Antoine Humeau, 6 years ago

Has patch: set

Pull request: https://github.com/django/django/pull/11302

comment:3 by Mariusz Felisiak, 6 years ago

Resolution: wontfix
Status: assignedclosed
Summary: Make PasswordResetTokenGenerator's timeout extendableMake PasswordResetTokenGenerator's timeout extendable.
Version: 2.2master

Thanks for the ticket, however PasswordResetTokenGenerator is not a universal token generator. I wouldn't use it for other tokens. You can use TimestampSigner to create one time login links (see Cryptographic signing) or subclass PasswordResetTokenGenerator (probably you should override also _make_hash_value()).

Related with #19871.

comment:4 by Iuri de Silvio, 5 years ago

The issue this PR tried to fix was the difficult to subclass PasswordResetTokenGenerator with custom timeout to support the solution suggested by @felixxm.

Note: See TracTickets for help on using tickets.
Back to Top