+
+registration_token_generator = RegistrationTokenGenerator()
+
+
+class EmailTokenGenerator(PasswordResetTokenGenerator):
+ """
+ Strategy object used to generate and check tokens for a user email change mechanism.
+ """
+ def make_token(self, user, email):
+ """
+ Returns a token that can be used once to do an email change for the given user and email.
+ """
+ return self._make_token_with_timestamp(user, email, self._num_days(self._today()))
+
+ def check_token(self, user, email, token):
+ if email == user.email:
+ return False
+
+ # Parse the token
+ try:
+ ts_b36, hash = token.split('-')
+ except ValueError:
+ return False
+
+ try:
+ ts = base36_to_int(ts_b36)
+ except ValueError:
+ return False
+
+ # Check that the timestamp and uid have not been tampered with.
+ if self._make_token_with_timestamp(user, email, ts) != token:
+ return False
+
+ # Check that the timestamp is within limit
+ if (self._num_days(self._today()) - ts) > EMAIL_TIMEOUT_DAYS:
+ return False
+
+ return True
+
+ def _make_token_with_timestamp(self, user, email, timestamp):
+ ts_b36 = int_to_base36(timestamp)
+
+ hash = sha1(settings.SECRET_KEY + unicode(user.id) + user.email + email + unicode(timestamp)).hexdigest()[::2]
+ return '%s-%s' % (ts_b36, hash)
+
+
+email_token_generator = EmailTokenGenerator()
\ No newline at end of file