| author | Sverre Rabbelier <srabbelier@gmail.com> |
| Sun, 07 Dec 2008 17:02:10 +0000 | |
| changeset 705 | 0ab17e14df95 |
| parent 323 | ff1a9aa48cfd |
| permissions | -rw-r--r-- |
|
323
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
1 |
from datetime import date |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
2 |
from django.conf import settings |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
3 |
from django.utils.http import int_to_base36, base36_to_int |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
4 |
|
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
5 |
class PasswordResetTokenGenerator(object): |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
6 |
""" |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
7 |
Stratgy object used to generate and check tokens for the password |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
8 |
reset mechanism. |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
9 |
""" |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
10 |
def make_token(self, user): |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
11 |
""" |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
12 |
Returns a token that can be used once to do a password reset |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
13 |
for the given user. |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
14 |
""" |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
15 |
return self._make_token_with_timestamp(user, self._num_days(self._today())) |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
16 |
|
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
17 |
def check_token(self, user, token): |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
18 |
""" |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
19 |
Check that a password reset token is correct for a given user. |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
20 |
""" |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
21 |
# Parse the tokem |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
22 |
try: |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
23 |
ts_b36, hash = token.split("-")
|
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
24 |
except ValueError: |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
25 |
return False |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
26 |
|
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
27 |
try: |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
28 |
ts = base36_to_int(ts_b36) |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
29 |
except ValueError: |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
30 |
return False |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
31 |
|
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
32 |
# Check that the timestamp/uid has not been tampered with |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
33 |
if self._make_token_with_timestamp(user, ts) != token: |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
34 |
return False |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
35 |
|
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
36 |
# Check the timestamp is within limit |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
37 |
if (self._num_days(self._today()) - ts) > settings.PASSWORD_RESET_TIMEOUT_DAYS: |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
38 |
return False |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
39 |
|
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
40 |
return True |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
41 |
|
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
42 |
def _make_token_with_timestamp(self, user, timestamp): |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
43 |
# timestamp is number of days since 2001-1-1. Converted to |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
44 |
# base 36, this gives us a 3 digit string until about 2121 |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
45 |
ts_b36 = int_to_base36(timestamp) |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
46 |
|
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
47 |
# By hashing on the internal state of the user and using state |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
48 |
# that is sure to change (the password salt will change as soon as |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
49 |
# the password is set, at least for current Django auth, and |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
50 |
# last_login will also change), we produce a hash that will be |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
51 |
# invalid as soon as it is used. |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
52 |
# We limit the hash to 20 chars to keep URL short |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
53 |
from django.utils.hashcompat import sha_constructor |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
54 |
hash = sha_constructor(settings.SECRET_KEY + unicode(user.id) + |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
55 |
user.password + unicode(user.last_login) + |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
56 |
unicode(timestamp)).hexdigest()[::2] |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
57 |
return "%s-%s" % (ts_b36, hash) |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
58 |
|
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
59 |
def _num_days(self, dt): |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
60 |
return (dt - date(2001,1,1)).days |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
61 |
|
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
62 |
def _today(self): |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
63 |
# Used for mocking in tests |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
64 |
return date.today() |
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
65 |
|
|
ff1a9aa48cfd
Load ../vendor/django into trunk/app/django.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
diff
changeset
|
66 |
default_token_generator = PasswordResetTokenGenerator() |