[Baypiggies] Generating tokens for password reset
Jeremy Fishman
jeremy.r.fishman at gmail.com
Wed Jun 23 07:12:17 CEST 2010
Django also has the password_reset_confirm and password_reset_complete
views.
As for the raw code generating the token it looks like the default is
def _make_token_with_timestamp(self, user, timestamp):
# timestamp is number of days since 2001-1-1. Converted to
# base 36, this gives us a 3 digit string until about 2121
ts_b36 = int_to_base36(timestamp)
# By hashing on the internal state of the user and using state
# that is sure to change (the password salt will change as soon as
# the password is set, at least for current Django auth, and
# last_login will also change), we produce a hash that will be
# invalid as soon as it is used.
# We limit the hash to 20 chars to keep URL short
from django.utils.hashcompat import sha_constructor
hash = sha_constructor(settings.SECRET_KEY + unicode(user.id) +
user.password +
user.last_login.strftime('%Y-%m-%d %H:%M:%S') +
unicode(timestamp)).hexdigest()[::2]
return "%s-%s" % (ts_b36, hash)
- Jeremy
On Tue, Jun 22, 2010 at 9:42 PM, Max Slimmer <max at theslimmers.net> wrote:
> web2py has this functionality built in, you might look at how they did
> it (Python based framework)
> max
>
>
> On Tue, Jun 22, 2010 at 9:27 PM, Harry Tormey <slander at unworkable.org>
> wrote:
> > Hi All,
> > I am in the process of creating a password reset form and I want to
> generate a url with a token
> > to be sent out to a given user so that they can reset their accounts
> password. Any suggestions
> > on how to do this?
> >
> > --
> > Harry Tormey
> > Co Founder P2P Research
> > http://p2presearch.com
> > Founder PyGameSF
> > http://pygamesf.org
> > Director
> > http://snaptic.com
> > _______________________________________________
> > Baypiggies mailing list
> > Baypiggies at python.org
> > To change your subscription options or unsubscribe:
> > http://mail.python.org/mailman/listinfo/baypiggies
> >
> _______________________________________________
> Baypiggies mailing list
> Baypiggies at python.org
> To change your subscription options or unsubscribe:
> http://mail.python.org/mailman/listinfo/baypiggies
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/baypiggies/attachments/20100622/47b35139/attachment.html>
More information about the Baypiggies
mailing list