PasswordResetTokenGenerator
Strategy object used to generate and check tokens for the password reset mechanism.
Attributes
| Attribute | Type | Description |
|---|---|---|
| key_salt | string = django.contrib.auth.tokens.PasswordResetTokenGenerator | A salt string used to provide an extra layer of security when generating the HMAC hash for the token. |
| algorithm | string = null | The hashing algorithm used by salted_hmac to generate the token, defaulting to 'sha256'. |
| secret | string | The primary secret key used for HMAC generation, which defaults to the project's SECRET_KEY if not explicitly set. |
| secret_fallbacks | list | A list of fallback secret keys used to verify tokens during rotation, defaulting to the project's SECRET_KEY_FALLBACKS. |
Constructor
Signature
def PasswordResetTokenGenerator()
Methods
make_token()
@classmethod
def make_token(
user: [User](../models/user.md?sid=django_contrib_auth_models_user)
) - > string
Return a token that can be used once to do a password reset for the given user.
Parameters
| Name | Type | Description |
|---|---|---|
| user | [User](../models/user.md?sid=django_contrib_auth_models_user) | The user instance for whom the password reset token is being generated. |
Returns
| Type | Description |
|---|---|
string | A base36-encoded timestamp and HMAC hash string separated by a hyphen. |
check_token()
@classmethod
def check_token(
user: [User](../models/user.md?sid=django_contrib_auth_models_user),
token: string
) - > boolean
Check that a password reset token is correct for a given user.
Parameters
| Name | Type | Description |
|---|---|---|
| user | [User](../models/user.md?sid=django_contrib_auth_models_user) | The user instance to validate the token against. |
| token | string | The token string provided by the user, typically from a reset URL. |
Returns
| Type | Description |
|---|---|
boolean | True if the token is valid and within the timeout period, False otherwise. |