[2.0.x] Reverted "Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS."

This reverts commit 95993a89ce.

Backport of 67a6ba391b from master
This commit is contained in:
Tim Graham 2017-09-25 08:51:02 -04:00
parent d68744f6ad
commit e241b4e797
3 changed files with 3 additions and 11 deletions

View File

@ -42,7 +42,7 @@ class PasswordResetTokenGenerator:
return False
# Check the timestamp is within limit
if (self._num_days(self._today()) - ts) >= settings.PASSWORD_RESET_TIMEOUT_DAYS:
if (self._num_days(self._today()) - ts) > settings.PASSWORD_RESET_TIMEOUT_DAYS:
return False
return True

View File

@ -566,12 +566,6 @@ Miscellaneous
connection, those queries could be included as part of the
``assertNumQueries()`` count.
* The ``PASSWORD_RESET_TIMEOUT_DAYS`` setting is more properly respected in
``contrib.auth`` password reset. Previously, resets were allowed for one day
longer than expected. For example, with the default of
``PASSWORD_RESET_TIMEOUT_DAYS = 3``, password reset tokens are now valid for
72 hours rather than 96 hours.
* The default size of the Oracle test tablespace is increased from 20M to 50M
and the default autoextend size is increased from 10M to 25M.

View File

@ -43,12 +43,10 @@ class TokenGeneratorTest(TestCase):
user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
p1 = Mocked(date.today() + timedelta(days=settings.PASSWORD_RESET_TIMEOUT_DAYS, seconds=-1))
p1 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS))
self.assertTrue(p1.check_token(user, tk1))
p2 = Mocked(date.today() + timedelta(days=settings.PASSWORD_RESET_TIMEOUT_DAYS))
p2 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1))
self.assertFalse(p2.check_token(user, tk1))
p3 = Mocked(date.today() + timedelta(days=settings.PASSWORD_RESET_TIMEOUT_DAYS, seconds=1))
self.assertFalse(p3.check_token(user, tk1))
def test_check_token_with_nonexistent_token_and_user(self):
user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')