[Baypiggies] Generating tokens for password reset

Jeremy Fishman jeremy.r.fishman at gmail.com
Wed Jun 23 07:12:17 CEST 2010


Django also has the password_reset_confirm and password_reset_complete
views.

As for the raw code generating the token, it looks like the default is:

# Module-level names this method relies on
from django.conf import settings
from django.utils.http import int_to_base36

def _make_token_with_timestamp(self, user, timestamp):
    # timestamp is number of days since 2001-1-1.  Converted to
    # base 36, this gives us a 3 digit string until about 2121
    ts_b36 = int_to_base36(timestamp)

    # By hashing on the internal state of the user and using state
    # that is sure to change (the password salt will change as soon as
    # the password is set, at least for current Django auth, and
    # last_login will also change), we produce a hash that will be
    # invalid as soon as it is used.
    # We limit the hash to 20 chars to keep URL short
    from django.utils.hashcompat import sha_constructor
    hash = sha_constructor(settings.SECRET_KEY + unicode(user.id) +
                           user.password +
                           user.last_login.strftime('%Y-%m-%d %H:%M:%S') +
                           unicode(timestamp)).hexdigest()[::2]
    return "%s-%s" % (ts_b36, hash)

  - Jeremy

On Tue, Jun 22, 2010 at 9:42 PM, Max Slimmer <max at theslimmers.net> wrote:

> web2py has this functionality built in, you might look at how they did
> it (Python based framework)
> max
>
>
> On Tue, Jun 22, 2010 at 9:27 PM, Harry Tormey <slander at unworkable.org>
> wrote:
> > Hi All,
> > I am in the process of creating a password reset form and I want to
> > generate a url with a token to be sent out to a given user so that they
> > can reset their account's password. Any suggestions on how to do this?
> >
> > --
> > Harry Tormey
> > Co Founder P2P Research
> > http://p2presearch.com
> > Founder PyGameSF
> > http://pygamesf.org
> > Director
> > http://snaptic.com
> > _______________________________________________
> > Baypiggies mailing list
> > Baypiggies at python.org
> > To change your subscription options or unsubscribe:
> > http://mail.python.org/mailman/listinfo/baypiggies
> >
>
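
An added example, not part of the original thread and not Django's code: a standalone sketch of the same token design (base-36 day count plus a keyed hash over user state), including the verification side that the quoted method does not show. It swaps the plain SHA-1 concatenation for HMAC-SHA256 with a field separator and compares in constant time. The user dict, SECRET_KEY value and TIMEOUT_DAYS are assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import date

SECRET_KEY = b"constructed-demo-secret"  # assumption: stands in for settings.SECRET_KEY
TIMEOUT_DAYS = 3                          # assumption: lifetime of a reset link
EPOCH = date(2001, 1, 1)                  # same epoch as the quoted comment
_DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"

def to_base36(n):
    out = ""
    while True:
        n, r = divmod(n, 36)
        out = _DIGITS[r] + out
        if n == 0:
            return out

def _token_for(user, ts):
    # Same inputs as the quoted method: id, password hash, last_login, timestamp.
    # The "|" separator keeps adjacent fields from running into each other.
    msg = "|".join([str(user["id"]), user["password"], user["last_login"], str(ts)])
    mac = hmac.new(SECRET_KEY, msg.encode(), hashlib.sha256).hexdigest()[:32]
    return "%s-%s" % (to_base36(ts), mac)

def make_token(user, today):
    return _token_for(user, (today - EPOCH).days)

def check_token(user, token, today):
    try:
        ts_b36, _mac = token.split("-")   # exactly one "-" expected
        ts = int(ts_b36, 36)
    except ValueError:
        return False
    # Recompute from current user state; a changed password or last_login
    # yields a different MAC, so a used token stops verifying.
    expected = _token_for(user, ts)
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return False
    age = (today - EPOCH).days - ts
    return 0 <= age <= TIMEOUT_DAYS

if __name__ == "__main__":
    # Constructed sample user, not real data.
    u = {"id": 7, "password": "sha1$ab12$deadbeef", "last_login": "2010-06-20 10:00:00"}
    t = make_token(u, date(2010, 6, 23))
    print(t, check_token(u, t, date(2010, 6, 24)))
```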