In much the same way as the secret key(s) and hash algorithm used are
configurable through instance attributes, it'd be very convenient if the
timeout was too (defaulting to `settings.PASSWORD_RESET_TIMEOUT`, of
course). The token generator is a generic and useful token generator, and
it can be helpful to use elsewhere. This is the only piece of
configuration tied to password reset which isn't easily reconfigured.
A potential extension might be to pass the user into the getter for the
token generator, allowing the timeout to be configured on a per-user basis
(eg require admins to use the link sooner). A very niche feature, but
trivial to implement during this refactor.
--
Ticket URL: <https://code.djangoproject.com/ticket/34876>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
* status: new => closed
* has_patch: 1 => 0
* resolution: => duplicate
Comment:
Duplicate of #30423.
--
Ticket URL: <https://code.djangoproject.com/ticket/34876#comment:1>