
When a token generated by default_token_generator expires, how does Django handle it? Is it deleted automatically?

liaozd • 10 years ago • 7120 views

```python
from django.contrib.auth.tokens import default_token_generator

# user: an existing User instance
token = default_token_generator.make_token(user)
```

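In settings.py there is a setting called PASSWORD_RESET_TIMEOUT_DAYS, but the Django documentation doesn't seem to explain this area in detail.

How can I tell whether a token has expired?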

Post URL: http://www.python88.com/topic/844
 
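Replies [ 3 ]  |  Latest reply 10 years ago

liaozd • #1 • 10 years ago

@Django中国社区 There are two possibilities: one is that the token was created but has expired, and the other is that the token is fake. In both cases you can't get it.

liaozd • #2 • 10 years ago

@Django中国社区 Thanks. What I want to do is redirect to a separate "expired" page if the token has expired. I'd also like to know how to test token expiry. Is a day the smallest possible expiry period?

Django source code: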

```python
from datetime import date
from django.conf import settings
from django.utils.http import int_to_base36, base36_to_int
from django.utils.crypto import constant_time_compare, salted_hmac
from django.utils import six


class PasswordResetTokenGenerator(object):
    """
    Strategy object used to generate and check tokens for the password
    reset mechanism.
    """
    def make_token(self, user):
        """
        Returns a token that can be used once to do a password reset
        for the given user.
        """
        return self._make_token_with_timestamp(user, self._num_days(self._today()))

    def check_token(self, user, token):
        """
        Check that a password reset token is correct for a given user.
        """
        # Parse the token
        try:
            ts_b36, hash = token.split("-")
        except ValueError:
            return False

        try:
            ts = base36_to_int(ts_b36)
        except ValueError:
            return False

        # Check that the timestamp/uid has not been tampered with
        if not constant_time_compare(self._make_token_with_timestamp(user, ts), token):
            return False

        # Check the timestamp is within limit
        if (self._num_days(self._today()) - ts) > settings.PASSWORD_RESET_TIMEOUT_DAYS:
            return False

        return True

    def _make_token_with_timestamp(self, user, timestamp):
        # timestamp is number of days since 2001-1-1.  Converted to
        # base 36, this gives us a 3 digit string until about 2121
        ts_b36 = int_to_base36(timestamp)

        # By hashing on the internal state of the user and using state
        # that is sure to change (the password salt will change as soon as
        # the password is set, at least for current Django auth, and
        # last_login will also change), we produce a hash that will be
        # invalid as soon as it is used.
        # We limit the hash to 20 chars to keep URL short
        key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator"

        # Ensure results are consistent across DB backends
        login_timestamp = user.last_login.replace(microsecond=0, tzinfo=None)

        value = (six.text_type(user.pk) + user.password +
                six.text_type(login_timestamp) + six.text_type(timestamp))
        hash = salted_hmac(key_salt, value).hexdigest()[::2]
        return "%s-%s" % (ts_b36, hash)

    def _num_days(self, dt):
        return (dt - date(2001, 1, 1)).days

    def _today(self):
        # Used for mocking in tests
        return date.today()


default_token_generator = PasswordResetTokenGenerator()
```

Py站长 • #3 • 10 years ago

If you can't get it when verifying the link, then I suppose that means it has expired.
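
An added example, not part of any post in this thread and not Django's own code: a stdlib-only mirror of the quoted scheme that reports "expired" separately from "invalid" (only after the MAC verifies) and simulates the passage of days by overriding `_today()`, the hook the source marks for mocking. `DemoTokenGenerator`, `ShiftedGenerator`, `token_status`, `SECRET`, `TIMEOUT_DAYS` and the `user_state` string (standing in for pk + password hash + last_login) are assumptions, and plain HMAC-SHA1 is swapped in for `salted_hmac`.

```python
import hashlib
import hmac
from datetime import date, timedelta

SECRET = b"constructed-demo-secret"  # assumption: stands in for settings.SECRET_KEY
TIMEOUT_DAYS = 3  # assumption: stands in for settings.PASSWORD_RESET_TIMEOUT_DAYS
B36 = "0123456789abcdefghijklmnopqrstuvwxyz"

def to_b36(n):
    out = ""
    while True:
        n, r = divmod(n, 36)
        out = B36[r] + out
        if n == 0:
            return out

class DemoTokenGenerator:
    """Hypothetical stdlib-only mirror of the day-granularity scheme quoted above."""
    def _today(self):
        return date.today()  # overridden below to simulate time passing

    def _make(self, user_state, ts):
        mac = hmac.new(SECRET, ("%s%d" % (user_state, ts)).encode(), hashlib.sha1)
        return "%s-%s" % (to_b36(ts), mac.hexdigest()[::2])

    def _days(self):
        return (self._today() - date(2001, 1, 1)).days

    def make_token(self, user_state):
        return self._make(user_state, self._days())

    def token_status(self, user_state, token):
        """Return 'valid', 'expired' or 'invalid' (forged, malformed or already used)."""
        try:
            ts_b36, _ = token.split("-")
            ts = int(ts_b36, 36)
        except ValueError:
            return "invalid"
        # Authenticate first: only a token whose MAC verifies may be reported as expired.
        expected = self._make(user_state, ts)
        if not hmac.compare_digest(expected.encode(), token.encode()):
            return "invalid"
        return "expired" if self._days() - ts > TIMEOUT_DAYS else "valid"

class ShiftedGenerator(DemoTokenGenerator):
    """Test double: behaves as if today were `days` later (like mocking _today)."""
    def __init__(self, days):
        self.days = days
    def _today(self):
        return date.today() + timedelta(days=self.days)
```

For a token minted today, `ShiftedGenerator(4).token_status(state, token)` returns `"expired"`, while a token with any altered character returns `"invalid"` whatever its timestamp says.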