class documentation
class PasswordResetTokenGenerator: (source)
Strategy object used to generate and check tokens for the password reset mechanism.
| Method | __init__ |
Undocumented |
| Method | check |
Check that a password reset token is correct for a given user. |
| Method | make |
Return a token that can be used once to do a password reset for the given user. |
| Class Variable | key |
Undocumented |
| Class Variable | secret |
Undocumented |
| Class Variable | secret |
Undocumented |
| Instance Variable | algorithm |
Undocumented |
| Method | _get |
Undocumented |
| Method | _get |
Undocumented |
| Method | _make |
Hash the user's primary key, email (if available), and some user state that's sure to change after a password reset to produce a token that is invalidated when it's used: 1. The password field will change upon a password reset (even if the same password is chosen, due to password salting)... |
| Method | _make |
Undocumented |
| Method | _now |
Undocumented |
| Method | _num |
Undocumented |
| Method | _set |
Undocumented |
| Method | _set |
Undocumented |
| Instance Variable | _secret |
Undocumented |
| Instance Variable | _secret |
Undocumented |
Hash the user's primary key, email (if available), and some user state that's sure to change after a password reset to produce a token that is invalidated when it's used: 1. The password field will change upon a password reset (even if the same password is chosen, due to password salting). 2. The last_login field will usually be updated very shortly after a password reset. Failing those things, settings.PASSWORD_RESET_TIMEOUT eventually invalidates the token. Running this data through salted_hmac() prevents password cracking attempts using the reset token, provided the secret isn't compromised.