[Django] #30423: Make PasswordResetTokenGenerator's timeout extendable

Django

Apr 29, 2019, 5:58:37 AM
to django-...@googlegroups.com
#30423: Make PasswordResetTokenGenerator's timeout extendable
------------------------------------------+------------------------
Reporter: Antoine Humeau | Owner: nobody
Type: New feature | Status: new
Component: Uncategorized | Version: 2.2
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
------------------------------------------+------------------------
The goal of this ticket is to make the password token generator's timeout
extendable in the same way that ticket
[https://code.djangoproject.com/ticket/28017 #28017] made the secret
extendable.

My use case is using the token generator to build one-time login links with
timeouts different from the password reset process's timeout.

--
Ticket URL: <https://code.djangoproject.com/ticket/30423>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Apr 29, 2019, 5:59:14 AM
to django-...@googlegroups.com
#30423: Make PasswordResetTokenGenerator's timeout extendable
--------------------------------+------------------------------------------
Reporter: Antoine Humeau | Owner: Antoine Humeau
Type: New feature | Status: assigned
Component: Uncategorized | Version: 2.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------+------------------------------------------
Changes (by Antoine Humeau):

* owner: nobody => Antoine Humeau
* status: new => assigned


--
Ticket URL: <https://code.djangoproject.com/ticket/30423#comment:1>

Django

Apr 29, 2019, 6:44:40 AM
to django-...@googlegroups.com
#30423: Make PasswordResetTokenGenerator's timeout extendable
--------------------------------+------------------------------------------
Reporter: Antoine Humeau | Owner: Antoine Humeau
Type: New feature | Status: assigned
Component: Uncategorized | Version: 2.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------+------------------------------------------
Changes (by Antoine Humeau):

* has_patch: 0 => 1


Comment:

Pull request: [https://github.com/django/django/pull/11302]

--
Ticket URL: <https://code.djangoproject.com/ticket/30423#comment:2>

Django

Apr 29, 2019, 7:25:22 AM
to django-...@googlegroups.com
#30423: Make PasswordResetTokenGenerator's timeout extendable.
--------------------------------+------------------------------------------
Reporter: Antoine Humeau | Owner: Antoine Humeau
Type: New feature | Status: closed
Component: Uncategorized | Version: master
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------+------------------------------------------
Changes (by felixxm):

* status: assigned => closed
* version: 2.2 => master
* resolution: => wontfix


Comment:

Thanks for the ticket, however `PasswordResetTokenGenerator` is not a
universal token generator. I wouldn't use it for other tokens. You can use
`TimestampSigner` to create one-time login links (see
[https://docs.djangoproject.com/en/2.2/topics/signing/#module-django.core.signing Cryptographic signing])
or subclass `PasswordResetTokenGenerator` (you should probably also override
`_make_hash_value()`).

Related to #19871.

--
Ticket URL: <https://code.djangoproject.com/ticket/30423#comment:3>

Django

Jul 27, 2020, 8:55:22 AM
to django-...@googlegroups.com
#30423: Make PasswordResetTokenGenerator's timeout extendable.
--------------------------------+------------------------------------------
Reporter: Antoine Humeau | Owner: Antoine Humeau
Type: New feature | Status: closed
Component: Uncategorized | Version: master
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------+------------------------------------------

Comment (by Iuri de Silvio):

The issue this PR tried to fix was the difficulty of subclassing
`PasswordResetTokenGenerator` with a custom timeout to support the solution
suggested by @felixxm.

--
Ticket URL: <https://code.djangoproject.com/ticket/30423#comment:4>
