Can PASSWORD_RESET_TIMEOUT_DAYS in Django be set to .5 days or hours?

Tags:

django

I'm using Django's built-in Reset Password Views. As the title says, I wonder if I can set the PASSWORD_RESET_TIMEOUT_DAYS to half days (for example 1.5)?

If not, I guess I could extend and customize the Django auth view that makes use of this variable, but I have not been able to trace which one that would be?

Pauline asked Sep 20 '18 14:09


2 Answers

If we inspect the source code of the PasswordResetTokenGenerator on GitHub (Django-2.1), we see:

# Check the timestamp is within limit. Timestamps are rounded to
# midnight (server time) providing a resolution of only 1 day. If a
# link is generated 5 minutes before midnight and used 6 minutes later,
# that counts as 1 day. Therefore, PASSWORD_RESET_TIMEOUT_DAYS = 1 means
# "at least 1 day, could be up to 2."
if (self._num_days(self._today()) - ts) > settings.PASSWORD_RESET_TIMEOUT_DAYS:
    return False

So for the current day, as well as the timestamp (ts), we see that these are integers that count the number of days. The self._num_days(..) [GitHub] is calculated as:

def _num_days(self, dt):
    return (dt - date(2001, 1, 1)).days

So both are specified in "full days" since January 1, 2001. You can specify the number as a float, but it will not work, since the difference at the left side of the equation only changes after one day, hence 0.5 or 1 is the same here.

Since according to the documentation of PASSWORD_RESET_TIMEOUT_DAYS [Django-doc]:

The minimum number of days a password reset link is valid for. Depending on when the link is generated, it will be valid for up to a day longer.

This setting thus acts as a discrete variable with a day as its unit. Furthermore, as we can see, the number of days is "quantized", which means that it can in reality result in 23 hours, 59 minutes, etc. extra.

Willem Van Onsem answered Oct 16 '22 13:10


In Django versions > 3.0, PASSWORD_RESET_TIMEOUT_DAYS has been deprecated, and the latest version now supports reducing the value of this timeout, so we can reduce it to the number of seconds a password reset link is valid for.

In your settings.py you can configure it like below:

PASSWORD_RESET_TIMEOUT = 259200 # Default: 259200 (3 days, in seconds)

For more info: https://docs.djangoproject.com/en/3.1/ref/settings/#password-reset-timeout

Akhil S answered Oct 16 '22 14:10
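
Added example (not part of either answer and not Django's own code): a Python sketch that reproduces the day-rounded comparison quoted in the first answer next to a second-resolution check in the style of PASSWORD_RESET_TIMEOUT from the second answer, and measures how long a reset link actually stays usable. The function names and the timestamps are constructed for illustration.

```python
from datetime import date, datetime, timedelta

# All function names and timestamps below are constructed for illustration.
EPOCH = date(2001, 1, 1)  # reference date used by the quoted _num_days()

def num_days(dt):
    """Whole days since EPOCH: the time of day is discarded."""
    return (dt.date() - EPOCH).days

def valid_day_granular(issued, used, timeout_days):
    """Same shape as the quoted check: reject if day difference > timeout."""
    return not (num_days(used) - num_days(issued) > timeout_days)

def valid_second_granular(issued, used, timeout_seconds):
    """Second-resolution counterpart, as with PASSWORD_RESET_TIMEOUT."""
    return (used - issued).total_seconds() <= timeout_seconds

def max_lifetime(issued, timeout_days, step=timedelta(minutes=1)):
    """Longest age (to the minute) at which the day-granular check passes."""
    used = issued
    while valid_day_granular(issued, used + step, timeout_days):
        used += step
    return used - issued

if __name__ == "__main__":
    early = datetime(2018, 9, 20, 0, 5)    # issued just after midnight
    late = datetime(2018, 9, 20, 23, 55)   # issued just before midnight
    for timeout in (0.5, 1, 1.5):
        print(f"timeout={timeout}: issued 00:05 -> {max_lifetime(early, timeout)}, "
              f"issued 23:55 -> {max_lifetime(late, timeout)}")
    # A 12-hour window in seconds expires exactly 12 hours after issue.
    half_day = 12 * 3600
    print(valid_second_granular(late, late + timedelta(hours=12), half_day))
    print(valid_second_granular(late, late + timedelta(hours=12, seconds=1), half_day))
```

With the day-rounded check the real lifetime of a link depends on the time of day it was issued, so the exposure window of a reset token cannot be bounded more tightly than a whole day. The second-resolution check expires the link the same amount of time after issue regardless of when it was generated.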