|
Server : Apache System : Linux iad1-shared-b8-43 6.6.49-grsec-jammy+ #10 SMP Thu Sep 12 23:23:08 UTC 2024 x86_64 User : dh_edsupp ( 6597262) PHP Version : 8.2.26 Disable Function : NONE Directory : /lib/python3/dist-packages/django/contrib/auth/__pycache__/ |
Upload File : |
o
����3�a�����������������������@���sT���d�dl�m�Z�mZ�d�dlmZ�d�dlmZmZ�d�dlmZm Z �G�dd��d�Z
e
��Z
dS�)�����)�datetime�time)�settings)�constant_time_compare�
salted_hmac)�
base36_to_int�
int_to_base36c�������������������@���sV���e�Zd�ZdZdZdZdZdd��Zdd��Zdd ��Z dd
d
�Z
d
d��Z
dd��Z
dd��Z
dS�)�PasswordResetTokenGeneratorza
Strategy object used to generate and check tokens for the password
reset mechanism.
z6django.contrib.auth.tokens.PasswordResetTokenGeneratorNc�����������������C���s ���|�j�ptj|�_�|�jp
tj|�_d�S��N)�secretr����
SECRET_KEY� algorithm�DEFAULT_HASHING_ALGORITHM��self��r����</usr/lib/python3/dist-packages/django/contrib/auth/tokens.py�__init__���s���z$PasswordResetTokenGenerator.__init__c�����������������C���s���|���||��|������S�)zi
Return a token that can be used once to do a password reset
for the given user.
)�_make_token_with_timestamp�
_num_seconds�_now)r����userr���r���r����
make_token���s���z&PasswordResetTokenGenerator.make_tokenc�����������������C���s����|r|sdS�z|��d�\}}t|�dk�}W�n
�ty ���Y�dS�w�zt|�}W�n
�ty0���Y�dS�w�t|��||�|�sGt|�j||dd�|�sGdS�|����}|rb|d9�}|t|t� |�
��t
j
���
���7�}|��|�|�tjkrndS�dS�)zP
Check that a password reset token is correct for a given user.
F�-����T)�legacyi�Q�)�split�len�
ValueErrorr���r���r���r����intr����combine�dater����min�
total_secondsr���r����PASSWORD_RESET_TIMEOUT)r���r����token�ts_b36�_�
legacy_token�ts�nowr���r���r����
check_token
���s4���
�
��"z'PasswordResetTokenGenerator.check_tokenFc�����������������C���sH���t�|�}t|�j|��||�|�j|rdn|�jd����d�d�d��}d||f�S�)N�sha1)r
���r
�������z%s-%s)r���r����key_salt�_make_hash_valuer
���r
���� hexdigest)r���r���� timestampr���r&����
hash_stringr���r���r���r���H���s���
�
�
z6PasswordResetTokenGenerator._make_token_with_timestampc�����������������C���sR���|j�du�rdn|j�jddd�}|���}t||d�pd}|j��|j��|��|��|���S�)a���
Hash the user's primary key, email (if available), and some user state
that's sure to change after a password reset to produce a token that is
invalidated when it's used:
1. The password field will change upon a password reset (even if the
same password is chosen, due to password salting).
2. The last_login field will usually be updated very shortly after
a password reset.
Failing those things, settings.PASSWORD_RESET_TIMEOUT eventually
invalidates the token.
Running this data through salted_hmac() prevents password cracking
attempts using the reset token, provided the secret isn't compromised.
N��r���)�
microsecond�tzinfo)�
last_login�replace�get_email_field_name�getattr�pk�password)r���r���r1����login_timestamp�
email_field�emailr���r���r���r/���W���s���
z,PasswordResetTokenGenerator._make_hash_valuec�����������������C���s���t�|tddd������S�)Ni�������)r ���r���r#���)r����dtr���r���r���r���m���s���z(PasswordResetTokenGenerator._num_secondsc�����������������C���s���t����S�r
���)r���r*���r���r���r���r���r���p���s���z PasswordResetTokenGenerator._now)F)�__name__�
__module__�
__qualname__�__doc__r.���r
���r
���r���r���r+���r���r/���r���r���r���r���r���r���r ������s����
*
r ���N)
r���r����
django.confr����django.utils.cryptor���r����django.utils.httpr���r���r ����default_token_generatorr���r���r���r����<module>���s
����
m