Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is it possible to add expiration time to tokens of email activation? #708

Open
albjoaov opened this issue Dec 13, 2022 · 1 comment
Open

Is it possible to add expiration time to tokens of email activation? #708

albjoaov opened this issue Dec 13, 2022 · 1 comment

Comments

@albjoaov
Copy link

Who needs this change would need to overwrite some structure like view or serialize? Or can we add through some parameter?

REF: https://stackoverflow.com/questions/71628282/add-expire-time-for-validation-and-verification-in-djoser
@chapimenge3
Copy link

chapimenge3 commented Dec 31, 2022
edited

@albjoaov

A simple answer would be yes and just add the below in your setting.

PASSWORD_RESET_TIMEOUT = 60 # in second

So what is happening is Djoser uses Django password reset functionality while generating and validating the token. So if that is the case Django already has a time out for the password reset value so you can set the above value but one catch is you will get the below error if the token is expired instead of a timeout validation error.

"token": [
     "Invalid token for given user."
 ]
}

[for the maintainer] The above issue can be fixed by only updating the Message value from djoser/constants.Messages.INVALID_TOKEN_ERROR to more descriptive value. Like

Invalid token or Expired Token for given user

Tested on my machine and it is working fine.

Hope this helps.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@albjoaov @chapimenge3