[1.0.X] Fixed #10265: fixed a bug when generating a password reset token for a user created on the same request. Thanks, crucialfelix. Backport of r10341 from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10342 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
eb24c7fd0c
commit
647ff3f1ac
|
@ -8,6 +8,14 @@ TOKEN_GENERATOR_TESTS = """
|
||||||
>>> p0.check_token(u, tk1)
|
>>> p0.check_token(u, tk1)
|
||||||
True
|
True
|
||||||
|
|
||||||
|
>>> u = User.objects.create_user('comebackkid', 'test3@example.com', 'testpw')
|
||||||
|
>>> p0 = PasswordResetTokenGenerator()
|
||||||
|
>>> tk1 = p0.make_token(u)
|
||||||
|
>>> reload = User.objects.get(username='comebackkid')
|
||||||
|
>>> tk2 = p0.make_token(reload)
|
||||||
|
>>> tk1 == tk2
|
||||||
|
True
|
||||||
|
|
||||||
Tests to ensure we can use the token after n days, but no greater.
|
Tests to ensure we can use the token after n days, but no greater.
|
||||||
Use a mocked version of PasswordResetTokenGenerator so we can change
|
Use a mocked version of PasswordResetTokenGenerator so we can change
|
||||||
the value of 'today'
|
the value of 'today'
|
||||||
|
|
|
@ -52,7 +52,7 @@ class PasswordResetTokenGenerator(object):
|
||||||
# We limit the hash to 20 chars to keep URL short
|
# We limit the hash to 20 chars to keep URL short
|
||||||
from django.utils.hashcompat import sha_constructor
|
from django.utils.hashcompat import sha_constructor
|
||||||
hash = sha_constructor(settings.SECRET_KEY + unicode(user.id) +
|
hash = sha_constructor(settings.SECRET_KEY + unicode(user.id) +
|
||||||
user.password + unicode(user.last_login) +
|
user.password + user.last_login.strftime('%Y-%m-%d %H:%M:%S') +
|
||||||
unicode(timestamp)).hexdigest()[::2]
|
unicode(timestamp)).hexdigest()[::2]
|
||||||
return "%s-%s" % (ts_b36, hash)
|
return "%s-%s" % (ts_b36, hash)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue