p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Reverted "Fixed #28248 -- Fixed password reset tokens being valid for 1 day longer than PASSWORD_RESET_TIMEOUT_DAYS." 

This reverts commit 95993a89ce.
This commit is contained in:
Tim Graham 2017-09-25 08:51:02 -04:00
parent c180abe6f1
commit 67a6ba391b
3 changed files with 3 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
django/contrib/auth/tokens.py
View File

@ -42,7 +42,7 @@ class PasswordResetTokenGenerator:
return False return False
# Check the timestamp is within limit # Check the timestamp is within limit
if (self._num_days(self._today()) - ts) >= settings.PASSWORD_RESET_TIMEOUT_DAYS: if (self._num_days(self._today()) - ts) > settings.PASSWORD_RESET_TIMEOUT_DAYS:
return False return False
return True return True

6
docs/releases/2.0.txt
View File

@ -566,12 +566,6 @@ Miscellaneous
connection, those queries could be included as part of the connection, those queries could be included as part of the
``assertNumQueries()`` count. ``assertNumQueries()`` count.
* The ``PASSWORD_RESET_TIMEOUT_DAYS`` setting is more properly respected in
``contrib.auth`` password reset. Previously, resets were allowed for one day
longer than expected. For example, with the default of
``PASSWORD_RESET_TIMEOUT_DAYS = 3``, password reset tokens are now valid for
72 hours rather than 96 hours.
* The default size of the Oracle test tablespace is increased from 20M to 50M * The default size of the Oracle test tablespace is increased from 20M to 50M
and the default autoextend size is increased from 10M to 25M. and the default autoextend size is increased from 10M to 25M.

6
tests/auth_tests/test_tokens.py
View File

@ -43,12 +43,10 @@ class TokenGeneratorTest(TestCase):
user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw') user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')
p0 = PasswordResetTokenGenerator() p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user) tk1 = p0.make_token(user)
p1 = Mocked(date.today() + timedelta(days=settings.PASSWORD_RESET_TIMEOUT_DAYS, seconds=-1)) p1 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS))
self.assertTrue(p1.check_token(user, tk1)) self.assertTrue(p1.check_token(user, tk1))
p2 = Mocked(date.today() + timedelta(days=settings.PASSWORD_RESET_TIMEOUT_DAYS)) p2 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1))
self.assertFalse(p2.check_token(user, tk1)) self.assertFalse(p2.check_token(user, tk1))
p3 = Mocked(date.today() + timedelta(days=settings.PASSWORD_RESET_TIMEOUT_DAYS, seconds=1))
self.assertFalse(p3.check_token(user, tk1))
def test_check_token_with_nonexistent_token_and_user(self): def test_check_token_with_nonexistent_token_and_user(self):
user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw') user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')