Rýchlejšia kontrola tokenov

accounts/auth_remember_utils.py

@@ -1,26 +1,24 @@
 # -*- coding: utf-8 -*-
 from __future__ import unicode_literals
 
-import uuid
+import secrets
 
 from django.contrib import auth as django_auth
-from django.contrib.auth.hashers import make_password
 
 from .accounts_settings import COOKIE_AGE, COOKIE_NAME
 from common_utils.cookies import set_cookie
 
 
 def create_token_string(user, token=None):
 	from .models import RememberToken
-	token_value = uuid.uuid4().hex
-	token_hash = make_password(token_value)
+	token_hash = secrets.token_urlsafe(64)
 	token = RememberToken(
 		token_hash=token_hash,
 		user=user
 	)
 
 	token.save()
-	return '%d:%s' % (user.id, token_value)
+	return '%d:%s' % (user.id, token_hash)
 
 
 def preset_cookie(request, token_string):

accounts/models.py

@@ -4,7 +4,6 @@
 
 from django.apps import apps
 from django.conf import settings
-from django.contrib.auth.hashers import check_password
 from django.contrib.auth.models import AbstractUser, UserManager
 from django.core.exceptions import ValidationError
 from django.core.serializers.json import DjangoJSONEncoder
@@ -185,15 +184,12 @@ class Meta:
 class RememberTokenManager(models.Manager):
 	def get_by_string(self, token):
 		try:
-			user_id, token_hash = token.split(':')
+			user_id, token_hash = token.split(':', 1)
 		except ValueError:
 			return None
 
 		max_age = timezone.now() - timedelta(seconds=accounts_settings.COOKIE_AGE)
-		for db_token in self.all().filter(created__gte=max_age, user=user_id):
-			if check_password(token_hash, db_token.token_hash):
-				return db_token
-		return None
+		return self.filter(created__gte=max_age, user=user_id, token_hash=token_hash).first()
 
 	def clean_remember_tokens(self):
 		max_age = timezone.now() - timedelta(seconds=accounts_settings.COOKIE_AGE)