[2.0.x] Reverted "Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS."

This reverts commit 95993a89ce.

Backport of 67a6ba391b from master
This commit is contained in:
Tim Graham 2017-09-25 08:51:02 -04:00
parent d68744f6ad
commit e241b4e797
3 changed files with 3 additions and 11 deletions

View File

@ -42,7 +42,7 @@ class PasswordResetTokenGenerator:
return False return False
# Check the timestamp is within limit # Check the timestamp is within limit
if (self._num_days(self._today()) - ts) >= settings.PASSWORD_RESET_TIMEOUT_DAYS: if (self._num_days(self._today()) - ts) > settings.PASSWORD_RESET_TIMEOUT_DAYS:
return False return False
return True return True

View File

@ -566,12 +566,6 @@ Miscellaneous
connection, those queries could be included as part of the connection, those queries could be included as part of the
``assertNumQueries()`` count. ``assertNumQueries()`` count.
* The ``PASSWORD_RESET_TIMEOUT_DAYS`` setting is more properly respected in
``contrib.auth`` password reset. Previously, resets were allowed for one day
longer than expected. For example, with the default of
``PASSWORD_RESET_TIMEOUT_DAYS = 3``, password reset tokens are now valid for
72 hours rather than 96 hours.
* The default size of the Oracle test tablespace is increased from 20M to 50M * The default size of the Oracle test tablespace is increased from 20M to 50M
and the default autoextend size is increased from 10M to 25M. and the default autoextend size is increased from 10M to 25M.

View File

@ -43,12 +43,10 @@ class TokenGeneratorTest(TestCase):
user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw') user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')
p0 = PasswordResetTokenGenerator() p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user) tk1 = p0.make_token(user)
p1 = Mocked(date.today() + timedelta(days=settings.PASSWORD_RESET_TIMEOUT_DAYS, seconds=-1)) p1 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS))
self.assertTrue(p1.check_token(user, tk1)) self.assertTrue(p1.check_token(user, tk1))
p2 = Mocked(date.today() + timedelta(days=settings.PASSWORD_RESET_TIMEOUT_DAYS)) p2 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1))
self.assertFalse(p2.check_token(user, tk1)) self.assertFalse(p2.check_token(user, tk1))
p3 = Mocked(date.today() + timedelta(days=settings.PASSWORD_RESET_TIMEOUT_DAYS, seconds=1))
self.assertFalse(p3.check_token(user, tk1))
def test_check_token_with_nonexistent_token_and_user(self): def test_check_token_with_nonexistent_token_and_user(self):
user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw') user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')