diff --git a/tests/auth_tests/test_tokens.py b/tests/auth_tests/test_tokens.py index 5b48eb9785d..af823b1114e 100644 --- a/tests/auth_tests/test_tokens.py +++ b/tests/auth_tests/test_tokens.py @@ -111,3 +111,23 @@ class TokenGeneratorTest(TestCase): # Tokens created with a different secret don't validate. self.assertIs(p0.check_token(user, tk1), False) self.assertIs(p1.check_token(user, tk0), False) + + def test_token_with_different_secret_subclass(self): + class CustomPasswordResetTokenGenerator(PasswordResetTokenGenerator): + secret = 'test-secret' + + user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw') + custom_password_generator = CustomPasswordResetTokenGenerator() + tk_custom = custom_password_generator.make_token(user) + self.assertIs(custom_password_generator.check_token(user, tk_custom), True) + + default_password_generator = PasswordResetTokenGenerator() + self.assertNotEqual( + custom_password_generator.secret, + default_password_generator.secret, + ) + self.assertEqual(default_password_generator.secret, settings.SECRET_KEY) + # Tokens created with a different secret don't validate. + tk_default = default_password_generator.make_token(user) + self.assertIs(custom_password_generator.check_token(user, tk_default), False) + self.assertIs(default_password_generator.check_token(user, tk_custom), False)