[Django] #32407: Add token generator for email verification


Django

Feb 2, 2021, 4:55:15 AM
to django-...@googlegroups.com
#32407: Add token generator for email verification
--------------------------------------------+----------------------------
Reporter: Kobus van Schoor | Owner: nobody
Type: New feature | Status: new
Component: contrib.auth | Version: master
Severity: Normal | Keywords: auth,token
Triage Stage: Unreviewed | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
--------------------------------------------+----------------------------
An email verification token generator similar to the existing
contrib.auth.tokens.PasswordResetTokenGenerator which generates a token
that stays valid even if the user has logged in or changed their password.

--
Ticket URL: <https://code.djangoproject.com/ticket/32407>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Feb 2, 2021, 5:05:58 AM
to django-...@googlegroups.com
#32407: Add token generator for email verification
----------------------------------+--------------------------------------
Reporter: Kobus van Schoor | Owner: nobody
Type: New feature | Status: closed
Component: contrib.auth | Version: master
Severity: Normal | Resolution: wontfix
Keywords: auth,token | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
----------------------------------+--------------------------------------
Changes (by Mariusz Felisiak):

* cc: Alex Gaynor (added)
* status: new => closed
* resolution: => wontfix


Comment:

Thanks for this ticket, however a token should be rejected after changing a
password or an email (see #26615). I don't think that we would like to
encourage users to keep tokens valid after such changes by providing a
builtin generator which behaves differently.

--
Ticket URL: <https://code.djangoproject.com/ticket/32407#comment:1>

Django

Feb 2, 2021, 5:12:51 AM
to django-...@googlegroups.com
Comment (by Kobus van Schoor):

Thanks for the feedback, please note that this is a new generator separate
from the PasswordResetTokenGenerator which still has tokens that are
invalidated when the user logs in/changes their password. This new
generator is specifically for generating tokens that are used to validate
a user's email, hence the more relaxed conditions (since a user won't
expect an email verification token to be invalidated after logging in). I
can add the user's password back to the hash generation so that changing
your password still invalidates the token?

--
Ticket URL: <https://code.djangoproject.com/ticket/32407#comment:2>

Django

Feb 2, 2021, 5:26:51 AM
to django-...@googlegroups.com
Comment (by Mariusz Felisiak):

Ahh, sorry, I misunderstood your intentions. You want to have a token
generator for email verification. Nevertheless, I don't think this needs
to be included in Django, because an implementation is straightforward and
it will not be used by Django itself. You can start a discussion on
DevelopersMailingList if you don't agree.

--
Ticket URL: <https://code.djangoproject.com/ticket/32407#comment:3>
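
The trade-off discussed in this thread, as an added sketch that is not Django's code or the patch attached to the ticket: a standard-library HMAC token that binds the user's email and password hash but not their login state, so it survives a login yet stops validating once the email or password changes. `User`, `SECRET_KEY`, `MAX_AGE_SECONDS`, `make_token` and `check_token` are hypothetical names and values chosen for illustration.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass

SECRET_KEY = b"constructed-demo-secret"  # assumption: stands in for the site's secret key
MAX_AGE_SECONDS = 3 * 24 * 3600          # assumption: three-day validity window


@dataclass
class User:  # hypothetical minimal user record, not Django's model
    pk: int
    email: str
    password_hash: str
    last_login: float = 0.0


def _sign(user, ts):
    # State bound into the token: a changed email or password changes the MAC.
    # last_login is deliberately left out, so logging in does not invalidate it.
    msg = repr((user.pk, user.email, user.password_hash, ts)).encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_token(user, now=None):
    ts = int(time.time() if now is None else now)
    return f"{ts:x}-{_sign(user, ts)}"


def check_token(user, token, now=None):
    try:
        ts_hex, _mac = token.split("-")
        ts = int(ts_hex, 16)
    except ValueError:
        return False  # malformed token
    current = time.time() if now is None else now
    if ts > current or current - ts > MAX_AGE_SECONDS:
        return False  # expired or future-dated token
    # Recompute over the user's *current* state and compare in constant time.
    expected = make_token(user, ts)
    return hmac.compare_digest(expected.encode(), token.encode())
```
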
