ITStudio_OUC/ITShowPlatform
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

测试gitnore

Browse Source
This commit is contained in:
ladeng07
2022-05-06 15:45:57 +08:00
parent 12f390949b
commit 51552904f9
2347 changed files with 120102 additions and 53549 deletions
Download Patch File Download Diff File Expand all files Collapse all files
venv/Lib/site-packages/django/contrib/auth/tokens.py
+32 -26
View File
@@ -1,4 +1,4 @@
from datetime import datetime
from datetime import datetime, time
from django.conf import settings
from django.utils.crypto import constant_time_compare, salted_hmac
@@ -10,21 +10,15 @@ class PasswordResetTokenGenerator:
Strategy object used to generate and check tokens for the password
reset mechanism.
"""
key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator"
algorithm = None
_secret = None
secret = None
def __init__(self):
self.algorithm = self.algorithm or "sha256"
def _get_secret(self):
return self._secret or settings.SECRET_KEY
def _set_secret(self, secret):
self._secret = secret
secret = property(_get_secret, _set_secret)
self.secret = self.secret or settings.SECRET_KEY
# RemovedInDjango40Warning: when the deprecation ends, replace with:
# self.algorithm = self.algorithm or 'sha256'
self.algorithm = self.algorithm or settings.DEFAULT_HASHING_ALGORITHM
def make_token(self, user):
"""
@@ -42,6 +36,8 @@ class PasswordResetTokenGenerator:
# Parse the token
try:
ts_b36, _ = token.split("-")
# RemovedInDjango40Warning.
legacy_token = len(ts_b36) < 4
except ValueError:
return False
@@ -52,15 +48,28 @@ class PasswordResetTokenGenerator:
# Check that the timestamp/uid has not been tampered with
if not constant_time_compare(self._make_token_with_timestamp(user, ts), token):
return False
# RemovedInDjango40Warning: when the deprecation ends, replace
# with:
# return False
if not constant_time_compare(
self._make_token_with_timestamp(user, ts, legacy=True),
token,
):
return False
# RemovedInDjango40Warning: convert days to seconds and round to
# midnight (server time) for pre-Django 3.1 tokens.
now = self._now()
if legacy_token:
ts *= 24 * 60 * 60
ts += int((now - datetime.combine(now.date(), time.min)).total_seconds())
# Check the timestamp is within limit.
if (self._num_seconds(self._now()) - ts) > settings.PASSWORD_RESET_TIMEOUT:
if (self._num_seconds(now) - ts) > settings.PASSWORD_RESET_TIMEOUT:
return False
return True
def _make_token_with_timestamp(self, user, timestamp):
def _make_token_with_timestamp(self, user, timestamp, legacy=False):
# timestamp is number of seconds since 2001-1-1. Converted to base 36,
# this gives us a 6 digit string until about 2069.
ts_b36 = int_to_base36(timestamp)
@@ -68,10 +77,11 @@ class PasswordResetTokenGenerator:
self.key_salt,
self._make_hash_value(user, timestamp),
secret=self.secret,
algorithm=self.algorithm,
).hexdigest()[
::2
] # Limit to shorten the URL.
# RemovedInDjango40Warning: when the deprecation ends, remove the
# legacy argument and replace with:
# algorithm=self.algorithm,
algorithm='sha1' if legacy else self.algorithm,
).hexdigest()[::2] # Limit to shorten the URL.
return "%s-%s" % (ts_b36, hash_string)
def _make_hash_value(self, user, timestamp):
@@ -91,14 +101,10 @@ class PasswordResetTokenGenerator:
"""
# Truncate microseconds so that tokens are consistent even if the
# database doesn't support microseconds.
login_timestamp = (
""
if user.last_login is None
else user.last_login.replace(microsecond=0, tzinfo=None)
)
login_timestamp = '' if user.last_login is None else user.last_login.replace(microsecond=0, tzinfo=None)
email_field = user.get_email_field_name()
email = getattr(user, email_field, "") or ""
return f"{user.pk}{user.password}{login_timestamp}{timestamp}{email}"
email = getattr(user, email_field, '') or ''
return f'{user.pk}{user.password}{login_timestamp}{timestamp}{email}'
def _num_seconds(self, dt):
return int((dt - datetime(2001, 1, 1)).total_seconds())