[Baypiggies] Generating tokens for password reset

Harry Tormey slander at unworkable.org
Wed Jun 23 08:01:01 CEST 2010


Thanks for the suggestions, guys. I am using Pylons with Beaker
sessions; does anyone know of any Pylons-related projects that do
something like this?


On Tue, Jun 22, 2010 at 10:12:17PM -0700, Jeremy Fishman wrote:
> Django also has the password_reset_confirm and password_reset_complete
> views.
> 
> As for the raw code generating the token it looks like the default is
> 
> def _make_token_with_timestamp(self, user, timestamp):
>     # timestamp is number of days since 2001-1-1.  Converted to
>     # base 36, this gives us a 3 digit string until about 2121
>     ts_b36 = int_to_base36(timestamp)
> 
>     # By hashing on the internal state of the user and using state
>     # that is sure to change (the password salt will change as soon as
>     # the password is set, at least for current Django auth, and
>     # last_login will also change), we produce a hash that will be
>     # invalid as soon as it is used.
>     # We limit the hash to 20 chars to keep URL short
>     from django.utils.hashcompat import sha_constructor
>     hash = sha_constructor(settings.SECRET_KEY + unicode(user.id) +
>                            user.password +
>                            user.last_login.strftime('%Y-%m-%d %H:%M:%S') +
>                            unicode(timestamp)).hexdigest()[::2]
>     return "%s-%s" % (ts_b36, hash)
> 
>   - Jeremy
> 
> On Tue, Jun 22, 2010 at 9:42 PM, Max Slimmer <max at theslimmers.net> wrote:
> 
> > web2py has this functionality built in, you might look at how they did
> > it (Python based framework)
> > max
> >
> >
> > On Tue, Jun 22, 2010 at 9:27 PM, Harry Tormey <slander at unworkable.org>
> > wrote:
> > > Hi All,
> > > I am in the process of creating a password reset form and I want to generate a URL with a token
> > > to be sent out to a given user so that they can reset their account's password. Any suggestions
> > > on how to do this?
> > >
> > > --
> > > Harry Tormey
> > > Co Founder P2P Research
> > > http://p2presearch.com
> > > Founder PyGameSF
> > > http://pygamesf.org
> > > Director
> > > http://snaptic.com
> > > _______________________________________________
> > > Baypiggies mailing list
> > > Baypiggies at python.org
> > > To change your subscription options or unsubscribe:
> > > http://mail.python.org/mailman/listinfo/baypiggies
> > >
> >

-- 
Harry Tormey
Co Founder P2P Research
http://p2presearch.com
Founder PyGameSF
http://pygamesf.org
Director
http://snaptic.com
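
An added example, not part of the thread and not Django's or Pylons' code: a framework-independent sketch of the scheme in the Django snippet quoted above, using only the standard library and swapping the plain hash over the concatenated secret for HMAC-SHA256 with length-prefixed fields and a constant-time check. `SECRET_KEY`, `TIMEOUT_DAYS`, the function names and passing the user's fields as plain strings are all assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import date

# Constructed values for illustration; a real key comes from configuration.
SECRET_KEY = b"constructed-example-key"
EPOCH = date(2001, 1, 1)
TIMEOUT_DAYS = 3
B36 = "0123456789abcdefghijklmnopqrstuvwxyz"


def to_base36(n):
    out = ""
    while True:
        n, r = divmod(n, 36)
        out = B36[r] + out
        if n == 0:
            return out


def _mac(user_id, password_hash, last_login, days):
    # Length-prefix each field so ("1", "23") and ("12", "3") cannot collide.
    fields = [str(user_id), password_hash, last_login, str(days)]
    msg = "".join("%d:%s" % (len(f), f) for f in fields).encode("utf-8")
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:32]


def make_token(user_id, password_hash, last_login, today):
    # Binding to password_hash and last_login invalidates the token once used.
    days = (today - EPOCH).days
    return "%s-%s" % (to_base36(days), _mac(user_id, password_hash, last_login, days))


def check_token(token, user_id, password_hash, last_login, today):
    try:
        ts_b36, _ = token.split("-")
        days = int(ts_b36, 36)
    except ValueError:
        return False
    expected = "%s-%s" % (to_base36(days), _mac(user_id, password_hash, last_login, days))
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(token.encode("utf-8"), expected.encode("utf-8")):
        return False
    # Reject tokens older than the timeout and tokens dated in the future.
    age = (today - EPOCH).days - days
    return 0 <= age <= TIMEOUT_DAYS
```

The token goes into the reset URL alongside an identifier for the user; the server looks the user up, then calls `check_token` with that user's current stored password hash and last-login value.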

