Minor bugfix: moved ConstantEmbedNode DoesNotExist reraising so that it actually...
[philo.git] / contrib / waldo / tokens.py
1 """
2 Based on django.contrib.auth.tokens
3 """
4
5
6 from datetime import date
7 from django.conf import settings
8 from django.utils.http import int_to_base36, base36_to_int
9 from django.contrib.auth.tokens import PasswordResetTokenGenerator
10
11
12 REGISTRATION_TIMEOUT_DAYS = getattr(settings, 'WALDO_REGISTRATION_TIMEOUT_DAYS', 1)
13 EMAIL_TIMEOUT_DAYS = getattr(settings, 'WALDO_EMAIL_TIMEOUT_DAYS', 1)
14
15
16 class RegistrationTokenGenerator(PasswordResetTokenGenerator):
17         """
18         Strategy object used to generate and check tokens for the user registration mechanism.
19         """
20         def check_token(self, user, token):
21                 """
22                 Check that a registration token is correct for a given user.
23                 """
24                 # If the user is active, the hash can't be valid.
25                 if user.is_active:
26                         return False
27                 
28                 # Parse the token
29                 try:
30                         ts_b36, hash = token.split('-')
31                 except ValueError:
32                         return False
33                 
34                 try:
35                         ts = base36_to_int(ts_b36)
36                 except ValueError:
37                         return False
38                 
39                 # Check that the timestamp and uid have not been tampered with.
40                 if self._make_token_with_timestamp(user, ts) != token:
41                         return False
42                 
43                 # Check that the timestamp is within limit
44                 if (self._num_days(self._today()) - ts) > REGISTRATION_TIMEOUT_DAYS:
45                         return False
46                 
47                 return True
48         
49         def _make_token_with_timestamp(self, user, timestamp):
50                 ts_b36 = int_to_base36(timestamp)
51                 
52                 # By hashing on the internal state of the user and using state that is
53                 # sure to change, we produce a hash that will be invalid as soon as it
54                 # is used.
55                 from django.utils.hashcompat import sha_constructor
56                 hash = sha_constructor(settings.SECRET_KEY + unicode(user.id) + unicode(user.is_active) + user.last_login.strftime('%Y-%m-%d %H:%M:%S') + unicode(timestamp)).hexdigest()[::2]
57                 return '%s-%s' % (ts_b36, hash)
58
59
60 registration_token_generator = RegistrationTokenGenerator()
61
62
63 class EmailTokenGenerator(PasswordResetTokenGenerator):
64         """
65         Strategy object used to generate and check tokens for a user email change mechanism.
66         """
67         def make_token(self, user, email):
68                 """
69                 Returns a token that can be used once to do an email change for the given user and email.
70                 """
71                 return self._make_token_with_timestamp(user, email, self._num_days(self._today()))
72         
73         def check_token(self, user, email, token):
74                 if email == user.email:
75                         return False
76                 
77                 # Parse the token
78                 try:
79                         ts_b36, hash = token.split('-')
80                 except ValueError:
81                         return False
82                 
83                 try:
84                         ts = base36_to_int(ts_b36)
85                 except ValueError:
86                         return False
87                 
88                 # Check that the timestamp and uid have not been tampered with.
89                 if self._make_token_with_timestamp(user, email, ts) != token:
90                         return False
91                 
92                 # Check that the timestamp is within limit
93                 if (self._num_days(self._today()) - ts) > EMAIL_TIMEOUT_DAYS:
94                         return False
95                 
96                 return True
97         
98         def _make_token_with_timestamp(self, user, email, timestamp):
99                 ts_b36 = int_to_base36(timestamp)
100                 
101                 from django.utils.hashcompat import sha_constructor
102                 hash = sha_constructor(settings.SECRET_KEY + unicode(user.id) + user.email + email + unicode(timestamp)).hexdigest()[::2]
103                 return '%s-%s' % (ts_b36, hash)
104
105
106 email_token_generator = EmailTokenGenerator()