Django PasswordResetTokenGenerator

clarkeustaquio · December 27, 2020, 1:43pm

What is the difference between using

from django.contrib.auth.tokens import PasswordResetTokenGenerator
from six import text_type

class TokenGenerator(PasswordResetTokenGenerator):
    def _make_hash_value(self, user, timestamp):
        return (
            text_type(user.pk) + text_type(timestamp) +
            text_type(user.is_active)
        )

account_activation_token = TokenGenerator()

AND

from django.contrib.auth.tokens import PasswordResetTokenGenerator
account_activation_token = PasswordResetTokenGenerator()

Initializing the PasswordResetTokenGenerator seems fine, without the need to override the _make_hash_value method.

Reference: django/django/contrib/auth/tokens.py at main · django/django · GitHub

KenWhitesell · December 27, 2020, 2:44pm

When in doubt, take a look at the source. The comments in that function describe what it’s doing and why, and will help you understand the difference between the two.

Topic		Replies	Views
Will upgrade to Django3.2 break password reset tokens? Forms & APIs	2	574	August 17, 2022
How can one generate password reset URLS? Using Django	3	9539	May 19, 2020
any reason for password field change Using Django	2	513	January 8, 2021
Custom password hashing Using Django	4	3985	December 14, 2021
Repurposing default_token_generator, worked in 2.2 fails in 3.1 Using Django	3	2001	May 28, 2021

Django PasswordResetTokenGenerator

Related topics