Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

[1.0.X] Fixed #10265: fixed a bug when generating a password reset to…

…ken for a user created on the same request. Thanks, crucialfelix. Backport of r10341 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@10342 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 647ff3f1ac6d66a2ec7c9f7a9e6cdaa70da3dd9f 1 parent eb24c7f
Jacob Kaplan-Moss authored April 01, 2009
8  django/contrib/auth/tests/tokens.py
@@ -8,6 +8,14 @@
8 8
 >>> p0.check_token(u, tk1)
9 9
 True
10 10
 
  11
+>>> u = User.objects.create_user('comebackkid', 'test3@example.com', 'testpw')
  12
+>>> p0 = PasswordResetTokenGenerator()
  13
+>>> tk1 = p0.make_token(u)
  14
+>>> reload = User.objects.get(username='comebackkid')
  15
+>>> tk2 = p0.make_token(reload)
  16
+>>> tk1 == tk2
  17
+True
  18
+
11 19
 Tests to ensure we can use the token after n days, but no greater.
12 20
 Use a mocked version of PasswordResetTokenGenerator so we can change
13 21
 the value of 'today'
2  django/contrib/auth/tokens.py
@@ -52,7 +52,7 @@ def _make_token_with_timestamp(self, user, timestamp):
52 52
         # We limit the hash to 20 chars to keep URL short
53 53
         from django.utils.hashcompat import sha_constructor
54 54
         hash = sha_constructor(settings.SECRET_KEY + unicode(user.id) +
55  
-                               user.password + unicode(user.last_login) +
  55
+                               user.password + user.last_login.strftime('%Y-%m-%d %H:%M:%S') +
56 56
                                unicode(timestamp)).hexdigest()[::2]
57 57
         return "%s-%s" % (ts_b36, hash)
58 58
 

0 notes on commit 647ff3f

Please sign in to comment.
Something went wrong with that request. Please try again.