o Mf@sTddlmZmZddlmZddlmZmZddlmZm Z GdddZ e Z dS))datetimetime)settings)constant_time_compare salted_hmac) base36_to_int int_to_base36c@sVeZdZdZdZdZdZddZddZdd Z dd d Z d dZ ddZ ddZ dS)PasswordResetTokenGeneratorza Strategy object used to generate and check tokens for the password reset mechanism. z6django.contrib.auth.tokens.PasswordResetTokenGeneratorNcCs |jptj|_|jp tj|_dSN)secretr SECRET_KEY algorithmDEFAULT_HASHING_ALGORITHMselfr\/var/www/html/analyze/labelStudio/lib/python3.10/site-packages/django/contrib/auth/tokens.py__init__sz$PasswordResetTokenGenerator.__init__cCs||||S)zi Return a token that can be used once to do a password reset for the given user. )_make_token_with_timestamp _num_seconds_now)ruserrrr make_tokensz&PasswordResetTokenGenerator.make_tokencCs|r|sdSz|d\}}t|dk}Wn tyYdSwzt|}Wn ty0YdSwt||||sGt|j||dd|sGdS|}|rb|d9}|t|t | t j  7}|||tjkrndSdS)zP Check that a password reset token is correct for a given user. F-T)legacyiQ)splitlen ValueErrorrrrrintrcombinedatermin total_secondsrrPASSWORD_RESET_TIMEOUT)rrtokents_b36_ legacy_tokentsnowrrr check_tokens4   "z'PasswordResetTokenGenerator.check_tokenFcCsHt|}t|j||||j|rdn|jdddd}d||fS)Nsha1)r r z%s-%s)rrkey_salt_make_hash_valuer r hexdigest)rr timestamprr& hash_stringrrrrHs    z6PasswordResetTokenGenerator._make_token_with_timestampcCsR|jdurdn|jjddd}|}t||dpd}|j|j|||S)a Hash the user's primary key, email (if available), and some user state that's sure to change after a password reset to produce a token that is invalidated when it's used: 1. The password field will change upon a password reset (even if the same password is chosen, due to password salting). 2. The last_login field will usually be updated very shortly after a password reset. Failing those things, settings.PASSWORD_RESET_TIMEOUT eventually invalidates the token. Running this data through salted_hmac() prevents password cracking attempts using the reset token, provided the secret isn't compromised. Nr) microsecondtzinfo) last_loginreplaceget_email_field_namegetattrpkpassword)rrr1login_timestamp email_fieldemailrrrr/Wsz,PasswordResetTokenGenerator._make_hash_valuecCst|tdddS)Ni)rrr#)rdtrrrrmsz(PasswordResetTokenGenerator._num_secondscCstSr )rr*rrrrrpsz PasswordResetTokenGenerator._now)F)__name__ __module__ __qualname____doc__r.r r rrr+rr/rrrrrrr s * r N) rr django.confrdjango.utils.cryptorrdjango.utils.httprrr default_token_generatorrrrrs   m