Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Where is the generated token in DJANGO stored during password reset

I am trying to access the generated token(in the database table) when I request the "forgotten password" functionality, but I cannot seem to find it.

I am using django 1.10, rest_framework, django-rest-auth. I have checked inside authtoken_token as well as inside account_emailconfirmation tables but was unsuccessfully.

In github the source code refers to this in python as token_model I think https://github.com/Tivix/django-rest-auth/blob/master/rest_auth/utils.py

like image 799
anyavacy Avatar asked Jan 06 '18 00:01

anyavacy


People also ask

How does Django store passwords?

Django provides a flexible password storage system and uses PBKDF2 by default. Those are the components used for storing a User's password, separated by the dollar-sign character and consist of: the hashing algorithm, the number of algorithm iterations (work factor), the random salt, and the resulting password hash.

What if I forgot Django admin password?

Retrieve the Python shell using the command "python manage.py shell". Print a list of the users For Python 2 users use the command "print users" For Python 3 users use the command "print(users)" The first user is usually the admin. Select the user you wish to change their password e.g.

How do I send a reset password link in Django REST framework?

Here we will use a library called django-rest-passwordreset for creating Reset or Forgot Password API using Django Rest Framework. In models.py add following signal for sending email. Now copy that token which comes in email and and post token and password to /api/password_reset/confirm/ api url.


1 Answers

It doesn't store anywhere except user email. When user click on the provided link token parsed by PasswordResetTokenGenerator to obtain timestamp. With this timestamp PasswordResetTokenGenerator generate NEW token. And compare this new token with provided by user, see check_token method.

like image 170
neverwalkaloner Avatar answered Nov 03 '22 01:11

neverwalkaloner