Refactored PasswordResetTokenGenerator to be a bit more extensible.

2015-04-19 18:51:18 -07:00 · 2015-04-19 18:51:18 -07:00 · 6387d9d41f
parent f5fbddf22f
commit 6387d9d41f
1 changed files with 13 additions and 6 deletions
--- a/django/contrib/auth/tokens.py
+++ b/django/contrib/auth/tokens.py
@ -11,6 +11,8 @@ class PasswordResetTokenGenerator(object):
    Strategy object used to generate and check tokens for the password
    reset mechanism.
    """
+    key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator"
+
    def make_token(self, user):
        """
        Returns a token that can be used once to do a password reset
@ -54,15 +56,20 @@ class PasswordResetTokenGenerator(object):
        # last_login will also change), we produce a hash that will be
        # invalid as soon as it is used.
        # We limit the hash to 20 chars to keep URL short
-        key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator"

+        hash = salted_hmac(
+            self.key_salt,
+            self._make_hash_value(user, timestamp),
+        ).hexdigest()[::2]
+        return "%s-%s" % (ts_b36, hash)
+
+    def _make_hash_value(self, user, timestamp):
        # Ensure results are consistent across DB backends
        login_timestamp = '' if user.last_login is None else user.last_login.replace(microsecond=0, tzinfo=None)
-
-        value = (six.text_type(user.pk) + user.password +
-                six.text_type(login_timestamp) + six.text_type(timestamp))
-        hash = salted_hmac(key_salt, value).hexdigest()[::2]
-        return "%s-%s" % (ts_b36, hash)
+        return (
+            six.text_type(user.pk) + user.password +
+            six.text_type(login_timestamp) + six.text_type(timestamp)
+        )

    def _num_days(self, dt):
        return (dt - date(2001, 1, 1)).days