DvglddlmZddlmZddlmZmZddlmZmZGddZ e Z dS))datetime)settings)constant_time_compare salted_hmac) base36_to_int int_to_base36ceZdZdZdZdZdZdZdZdZ dZ e e e Z dZ dZe e eZd Zd Zd Zd Zd ZdZdS)PasswordResetTokenGeneratorza Strategy object used to generate and check tokens for the password reset mechanism. z6django.contrib.auth.tokens.PasswordResetTokenGeneratorNc"|jpd|_dS)Nsha256) algorithmselfs W/var/www/pixelcanvas.ch/venv/lib/python3.11/site-packages/django/contrib/auth/tokens.py__init__z$PasswordResetTokenGenerator.__init__s38c(|jp tjSN)_secretr SECRET_KEYrs r _get_secretz'PasswordResetTokenGenerator._get_secrets|2x22rc||_dSr)r)rsecrets r _set_secretz'PasswordResetTokenGenerator._set_secrets  rc6|j tjS|jSr)_secret_fallbacksrSECRET_KEY_FALLBACKSrs r_get_fallbacksz*PasswordResetTokenGenerator._get_fallbackss  ! )0 0%%rc||_dSr)r)r fallbackss r_set_fallbacksz*PasswordResetTokenGenerator._set_fallbacks#s!*rc|||||jS)zi Return a token that can be used once to do a password reset for the given user. )_make_token_with_timestamp _num_seconds_nowr)rusers r make_tokenz&PasswordResetTokenGenerator.make_token(s= ..    diikk * * K   rc|r|sdS |d\}}n#t$rYdSwxYw t|}n#t$rYdSwxYw|jg|jD])}t |||||rn*dS|||z tj krdSdS)zP Check that a password reset token is correct for a given user. F-T) split ValueErrorrrsecret_fallbacksrr#r$r%rPASSWORD_RESET_TIMEOUT)rr&tokents_b36_tsrs r check_tokenz'PasswordResetTokenGenerator.check_token3s  5  C((IFAA   55  v&&BB   55 {;T%:;  F$//b&AA    5   diikk * *R /83R R R5ts! //A AAct|}t|j|||||jddd}|d|S)N)rr r))rrkey_salt_make_hash_valuer hexdigest)rr& timestamprr/ hash_strings rr#z6PasswordResetTokenGenerator._make_token_with_timestampTsqy))! M  ! !$ 2 2n    )++ CaC  !&&++..rc|jdn|jdd}|}t||dpd}|j|j|||S)a Hash the user's primary key, email (if available), and some user state that's sure to change after a password reset to produce a token that is invalidated when it's used: 1. The password field will change upon a password reset (even if the same password is chosen, due to password salting). 2. The last_login field will usually be updated very shortly after a password reset. Failing those things, settings.PASSWORD_RESET_TIMEOUT eventually invalidates the token. Running this data through salted_hmac() prevents password cracking attempts using the reset token, provided the secret isn't compromised. Nr) microsecondtzinfo) last_loginreplaceget_email_field_namegetattrpkpassword)rr&r8login_timestamp email_fieldemails rr6z,PasswordResetTokenGenerator._make_hash_valuebs}&& B((Qt(DD  //11 k2..4"'M4=M/M9MeMMMrcht|tdddz S)Ni)intr total_seconds)rdts rr$z(PasswordResetTokenGenerator._num_seconds|s-B$1---<<>>???rc(tjSr)rnowrs rr%z PasswordResetTokenGenerator._nows|~~r)__name__ __module__ __qualname____doc__r5r rrrrrpropertyrrr!r,r'r2r#r6r$r%rrr r s  HHIG444333Xk; / /F&&& +++ x??    B / / /NNN4@@@rr N) r django.confrdjango.utils.cryptorrdjango.utils.httprrr default_token_generatorrSrrrXs BBBBBBBB::::::::yyyyyyyyx6577r