blinkster: web/lib/django/contrib/auth/tokens.py@0d40e90630ef (annotated)

0 0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	1	from datetime import date
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	2	from django.conf import settings
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	3	from django.utils.http import int_to_base36, base36_to_int
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	4
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	5	class PasswordResetTokenGenerator(object):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	6	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	7	Strategy object used to generate and check tokens for the password
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	8	reset mechanism.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	9	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	10	def make_token(self, user):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	11	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	12	Returns a token that can be used once to do a password reset
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	13	for the given user.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	14	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	15	return self._make_token_with_timestamp(user, self._num_days(self._today()))
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	16
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	17	def check_token(self, user, token):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	18	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	19	Check that a password reset token is correct for a given user.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	20	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	21	# Parse the token
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	22	try:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	23	ts_b36, hash = token.split("-")
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	24	except ValueError:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	25	return False
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	26
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	27	try:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	28	ts = base36_to_int(ts_b36)
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	29	except ValueError:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	30	return False
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	31
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	32	# Check that the timestamp/uid has not been tampered with
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	33	if self._make_token_with_timestamp(user, ts) != token:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	34	return False
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	35
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	36	# Check the timestamp is within limit
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	37	if (self._num_days(self._today()) - ts) > settings.PASSWORD_RESET_TIMEOUT_DAYS:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	38	return False
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	39
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	40	return True
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	41
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	42	def _make_token_with_timestamp(self, user, timestamp):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	43	# timestamp is number of days since 2001-1-1. Converted to
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	44	# base 36, this gives us a 3 digit string until about 2121
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	45	ts_b36 = int_to_base36(timestamp)
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	46
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	47	# By hashing on the internal state of the user and using state
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	48	# that is sure to change (the password salt will change as soon as
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	49	# the password is set, at least for current Django auth, and
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	50	# last_login will also change), we produce a hash that will be
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	51	# invalid as soon as it is used.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	52	# We limit the hash to 20 chars to keep URL short
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	53	from django.utils.hashcompat import sha_constructor
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	54	hash = sha_constructor(settings.SECRET_KEY + unicode(user.id) +
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	55	user.password + user.last_login.strftime('%Y-%m-%d %H:%M:%S') +
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	56	unicode(timestamp)).hexdigest()[::2]
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	57	return "%s-%s" % (ts_b36, hash)
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	58
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	59	def _num_days(self, dt):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	60	return (dt - date(2001,1,1)).days
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	61
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	62	def _today(self):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	63	# Used for mocking in tests
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	64	return date.today()
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	65
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	66	default_token_generator = PasswordResetTokenGenerator()

author	ymh <ymh.work@gmail.com>
	Wed, 20 Jan 2010 00:34:04 +0100
changeset 0	0d40e90630ef
permissions	-rw-r--r--