#30423 closed New feature (wontfix)
Make PasswordResetTokenGenerator's timeout extendable.
| Reported by: | Antoine Humeau | Owned by: | Antoine Humeau |
|---|---|---|---|
| Component: | Uncategorized | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The goal of this ticket is to make the password token generator's timeout extendable in the same way that ticket #28017 made the secret extendable.
My usecase is using the token generator to build one time login links with timeouts different from the password reset process's timeout.
Change History (4)
comment:1 by , 6 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 6 years ago
| Has patch: | set |
|---|
comment:3 by , 6 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | assigned → closed |
| Summary: | Make PasswordResetTokenGenerator's timeout extendable → Make PasswordResetTokenGenerator's timeout extendable. |
| Version: | 2.2 → master |
Thanks for the ticket, however PasswordResetTokenGenerator is not a universal token generator. I wouldn't use it for other tokens. You can use TimestampSigner to create one time login links (see Cryptographic signing) or subclass PasswordResetTokenGenerator (probably you should override also _make_hash_value()).
Related with #19871.
comment:4 by , 4 years ago
The issue this PR tried to fix was the difficult to subclass PasswordResetTokenGenerator with custom timeout to support the solution suggested by @felixxm.
Pull request: https://github.com/django/django/pull/11302