Opened 18 months ago

Closed 18 months ago

Last modified 18 months ago

#32407 closed New feature (wontfix)

Add token generator for email verification

Reported by: Kobus van Schoor Owned by: nobody
Component: contrib.auth Version: dev
Severity: Normal Keywords: auth, token
Cc: Alex Gaynor Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


An email verification token generator similar to the existing contrib.auth.tokens.PasswordResetTokenGenerator which generates a token that stays valid even if the user has logged in or changed their password

Change History (3)

comment:1 Changed 18 months ago by Mariusz Felisiak

Cc: Alex Gaynor added
Resolution: wontfix
Status: newclosed

Thanks for this ticket, however token should be rejected after changing a password or an email (see #26615). I don't think that we would like to encourage users to keep tokens valid after such changes by providing a builtin generator which behaves differently.

comment:2 Changed 18 months ago by Kobus van Schoor

Thanks for the feedback, please note that this is a new generator separate from the PasswordResetTokenGenerator which still has tokens that are invalidated when the user logs in/changes their password. This new generator is specifically for generating tokens that are used to validate a user's email, hence the more relaxed conditions (since a user won't expect a email verification token to be invalidated after logging in). I can add the user's password back to the hash generation so that changing your password still invalidates the token?

comment:3 Changed 18 months ago by Mariusz Felisiak

Ahh, sorry, I misunderstood your intentions. You want to have a token generator for an email verification. Nevertheless, I don't think this need to be included to Django, because an implementation is straightforward and it will not be used by Django itself. You can start a discussion on DevelopersMailingList if you don't agree.

Note: See TracTickets for help on using tickets.
Back to Top