B Bc @sPddlmZddlmZddlmZmZddlmZm Z GdddZ e Z dS))date)settings)constant_time_compare salted_hmac) base36_to_int int_to_base36c@sJeZdZdZdZejZddZddZ ddZ d d Z d d Z d dZ dS)PasswordResetTokenGeneratorza Strategy object used to generate and check tokens for the password reset mechanism. z6django.contrib.auth.tokens.PasswordResetTokenGeneratorcCs||||S)zi Return a token that can be used once to do a password reset for the given user. )_make_token_with_timestamp _num_days_today)selfuserrK/var/www/cleansys/lib/python3.7/site-packages/django/contrib/auth/tokens.py make_tokensz&PasswordResetTokenGenerator.make_tokencCs|r|s dSy|d\}}Wntk r2dSXy t|}Wntk rTdSXt||||sldS|||tjkrdSdS)zP Check that a password reset token is correct for a given user. F-T) split ValueErrorrrr r r rZPASSWORD_RESET_TIMEOUT_DAYS)r r tokents_b36_tsrrr check_tokens z'PasswordResetTokenGenerator.check_tokencCs<t|}t|j||||jdddd}d||fS)N)secretz%s-%s)rrkey_salt_make_hash_valuer hexdigest)r r timestamprZ hash_stringrrrr 6s z6PasswordResetTokenGenerator._make_token_with_timestampcCs>|jdkrdn|jjddd}t|j|jt|t|S)a Hash the user's primary key and some user state that's sure to change after a password reset to produce a token that invalidated when it's used: 1. The password field will change upon a password reset (even if the same password is chosen, due to password salting). 2. The last_login field will usually be updated very shortly after a password reset. Failing those things, settings.PASSWORD_RESET_TIMEOUT_DAYS eventually invalidates the token. Running this data through salted_hmac() prevents password cracking attempts using the reset token, provided the secret isn't compromised. Nr) microsecondtzinfo)Z last_loginreplacestrpkpassword)r r rZlogin_timestamprrrrAsz,PasswordResetTokenGenerator._make_hash_valuecCs|tdddjS)Ni)rdays)r dtrrrr Usz%PasswordResetTokenGenerator._num_dayscCstS)N)rtoday)r rrrr Xsz"PasswordResetTokenGenerator._todayN)__name__ __module__ __qualname____doc__rrZ SECRET_KEYrrrr rr r rrrrrs rN) datetimerZ django.confrZdjango.utils.cryptorrZdjango.utils.httprrrZdefault_token_generatorrrrrs  U