3 g@sTddlmZmZddlmZddlmZmZddlmZm Z GdddZ e Z dS))datetimetime)settings)constant_time_compare salted_hmac) base36_to_int int_to_base36c@sVeZdZdZdZdZdZddZddZdd Z dd d Z d dZ ddZ ddZ dS)PasswordResetTokenGeneratorza Strategy object used to generate and check tokens for the password reset mechanism. z6django.contrib.auth.tokens.PasswordResetTokenGeneratorNcCs |jp tj|_|jptj|_dS)N)secretrZ SECRET_KEY algorithmZDEFAULT_HASHING_ALGORITHM)selfr X/var/www/tester-filtro-web/env/lib/python3.6/site-packages/django/contrib/auth/tokens.py__init__sz$PasswordResetTokenGenerator.__init__cCs|j||j|jS)zi Return a token that can be used once to do a password reset for the given user. )_make_token_with_timestamp _num_seconds_now)r userr r r make_tokensz&PasswordResetTokenGenerator.make_tokencCs|o|s dSy|jd\}}t|dk}Wntk r>dSXy t|}Wntk r`dSXt|j|||st|j||dd|sdS|j}|r|d 9}|t|tj |j t j j 7}|j||tjkrdSdS) zP Check that a password reset token is correct for a given user. F-T)legacy<iiQ)splitlen ValueErrorrrrrintrcombinedatermin total_secondsrrZPASSWORD_RESET_TIMEOUT)r rtokents_b36_Z legacy_tokentsnowr r r check_tokens. "z'PasswordResetTokenGenerator.check_tokenFcCsHt|}t|j|j|||j|r$dn|jdjddd}d||fS)Nsha1)r r z%s-%s)rrkey_salt_make_hash_valuer r hexdigest)r r timestamprr#Z hash_stringr r rrHs z6PasswordResetTokenGenerator._make_token_with_timestampcCsR|jdkrdn|jjddd}|j}t||dp4d}|j|j|||S)a Hash the user's primary key, email (if available), and some user state that's sure to change after a password reset to produce a token that is invalidated when it's used: 1. The password field will change upon a password reset (even if the same password is chosen, due to password salting). 2. The last_login field will usually be updated very shortly after a password reset. Failing those things, settings.PASSWORD_RESET_TIMEOUT eventually invalidates the token. Running this data through salted_hmac() prevents password cracking attempts using the reset token, provided the secret isn't compromised. Nr) microsecondtzinfo)Z last_loginreplaceZget_email_field_namegetattrpkpassword)r rr-Zlogin_timestampZ email_fieldemailr r rr+Wsz,PasswordResetTokenGenerator._make_hash_valuecCst|tdddjS)Ni)rrr!)r dtr r rrmsz(PasswordResetTokenGenerator._num_secondscCstjS)N)rr&)r r r rrpsz PasswordResetTokenGenerator._now)F)__name__ __module__ __qualname____doc__r*r r rrr'rr+rrr r r rr s* r N) rrZ django.confrZdjango.utils.cryptorrZdjango.utils.httprrr Zdefault_token_generatorr r r rs  m