k"g^ddlmZddlmZddlmZmZddlmZmZGddZ e Z y))datetime)settings)constant_time_compare salted_hmac) base36_to_int int_to_base36ceZdZdZdZdZdZdZdZdZ dZ e e e Z dZ dZe e eZd Zd Zd Zd Zd ZdZy)PasswordResetTokenGeneratorza Strategy object used to generate and check tokens for the password reset mechanism. z6django.contrib.auth.tokens.PasswordResetTokenGeneratorNc.|jxsd|_y)Nsha256) algorithmselfs S/var/www/html/djangosite/lib/python3.12/site-packages/django/contrib/auth/tokens.py__init__z$PasswordResetTokenGenerator.__init__s38c>|jxstjSN)_secretr SECRET_KEYrs r _get_secretz'PasswordResetTokenGenerator._get_secrets||2x222rc||_yr)r)rsecrets r _set_secretz'PasswordResetTokenGenerator._set_secrets  rcR|jtjS|jSr)_secret_fallbacksrSECRET_KEY_FALLBACKSrs r_get_fallbacksz*PasswordResetTokenGenerator._get_fallbackss&  ! ! )00 0%%%rc||_yr)r)r fallbackss r_set_fallbacksz*PasswordResetTokenGenerator._set_fallbacks#s !*rcv|j||j|j|jS)zi Return a token that can be used once to do a password reset for the given user. )_make_token_with_timestamp _num_seconds_nowr)rusers r make_tokenz&PasswordResetTokenGenerator.make_token(s5 ..    diik * KK  rcp|r|sy |jd\}} t|}|jg|jD]!}t |j ||||s!ny|j|j|z tjkDryy#t$rYywxYw#t$rYywxYw)zP Check that a password reset token is correct for a given user. F-T) split ValueErrorrrsecret_fallbacksrr#r$r%rPASSWORD_RESET_TIMEOUT)rr&tokents_b36_tsrs r check_tokenz'PasswordResetTokenGenerator.check_token3s  C(IFA v&B {{;T%:%:; F$//b&A     diik *R /83R3R R-     s"B B) B&%B&) B54B5ct|}t|j|j||||jj ddd}|d|S)N)rr r))rrkey_salt_make_hash_valuer hexdigest)rr& timestamprr/ hash_strings rr#z6PasswordResetTokenGenerator._make_token_with_timestampTs[y)! MM  ! !$ 2nn  )+ aC  !+..rc|jdn|jjdd}|j}t||dxsd}|j|j |||S)a Hash the user's primary key, email (if available), and some user state that's sure to change after a password reset to produce a token that is invalidated when it's used: 1. The password field will change upon a password reset (even if the same password is chosen, due to password salting). 2. The last_login field will usually be updated very shortly after a password reset. Failing those things, settings.PASSWORD_RESET_TIMEOUT eventually invalidates the token. Running this data through salted_hmac() prevents password cracking attempts using the reset token, provided the secret isn't compromised. Nr) microsecondtzinfo) last_loginreplaceget_email_field_namegetattrpkpassword)rr&r8login_timestamp email_fieldemails rr6z,PasswordResetTokenGenerator._make_hash_valuebsv&& ((Qt(D  //1 k2.4"''4==//):9+eWMMrcPt|tdddz jS)Ni)intr total_seconds)rdts rr$z(PasswordResetTokenGenerator._num_seconds|s$B$1--<<>??rc*tjSr)rnowrs rr%z PasswordResetTokenGenerator._nows||~r)__name__ __module__ __qualname____doc__r5r rrrrrpropertyrrr!r,r'r2r#r6r$r%rrr r sv HHIG43k; /F& + ?  B /N4@rr N) r django.confrdjango.utils.cryptorrdjango.utils.httprrr default_token_generatorrSrrrXs) B:yyx67r