Hi Alexander.
You can simply override ‘check_token’ to avoide this harcoded
settings.PASSWORD_RESET_TIMEOUT on the 57 line.
And for yours task it can be with super call and after add additional check.
It is only some additional lines:
MyСlassFromPasswordResetTokenGenerator(…):
MY_OWN_TIMEOUT = your_timeout
def check_token(self, *args, **kwargs):
return super().check_token(*args, **kwargs) or
self._my_check_token_function_with_other_timeout(*args, **kwargs))
_my_check_token_function_with_other_timeout – should check if super returns
false not from last ‘if’ in PasswordResetTokenGenerator.check_token
For us it works without any problem.
Mit freundlichen Grüßen,
DI Mag. Maxim Danilov
+43(681)207 447 76
<mailto:ma...@wpsoft.at> ma...@wpsoft.at
From: django-developers@googlegroups.com
[mailto:django-developers@googlegroups.com] On Behalf Of Alexander Voloshchenko
Sent: Monday, August 22, 2022 3:40 PM
To: Django developers (Contributions to Django itself)
<django-developers@googlegroups.com>
Subject: Make timeout property for PasswordResetTokenGenerator
During project development our team needs to create several types of tokens.
One of them will be used in case of account reset password. The second one is
for account activation. Django itself has a good class for token generation
called PasswordResetTokenGenerator. And now for account activation, we are
using our own class called ActivationTokenGenerator, a subclass of
PasswordResetTokenGenerator with overridden _make_hash_value method. And it
works, but there is one problem. And this problem is called "timeout". For now,
every token created with PasswordResetTokenGenerator will have timeout from
settings.PASSWORD_RESET_TIMEOUT variable and can be changed only by changing
this variable value. But what if we need different timeouts for different
tokens? And I don't think we want changing timeout for activation token using a
variable which is screaming about password reset (PASSWORD_RESET_TIMEOUT), we
would like to use smth called ACTIVATION_TOKEN_TIMEOUT
So there is a solution: why not create a timeout property for
PasswordResetTokenGenerator class? Almost in the same way as it was done with
_secret and algorithm fields.So our development team come up with an idea to
create a PR which will add this functionality to the Django project. But before
this we decided to search similar solutions in django PRs. And we found them!
Ticket 30423 <https://code.djangoproject.com/ticket/30423>
https://code.djangoproject.com/ticket/30423 sounds good enough, but it was
closed with wontfix label.So the question is: why not to add this fine feature
to the PasswordResetTokenGenerator ? And if people find this useful - why not
to merge one o the existing PRs?
--
You received this message because you are subscribed to the Google Groups
"Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-developers+unsubscr...@googlegroups.com
<mailto:django-developers+unsubscr...@googlegroups.com> .
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/4f810acc-f2b4-4931-a84e-a59332a825f1n%40googlegroups.com
<https://groups.google.com/d/msgid/django-developers/4f810acc-f2b4-4931-a84e-a59332a825f1n%40googlegroups.com?utm_medium=email&utm_source=footer>
.
--
You received this message because you are subscribed to the Google Groups
"Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/000001d8b645%2451b33f90%24f519beb0%24%40wpsoft.at.
