
Tokens

hypha.apply.users.tokens

PasswordlessLoginTokenGenerator

PasswordlessLoginTokenGenerator()

Bases: PasswordResetTokenGenerator

Source code in hypha/apply/users/tokens.py
def __init__(self) -> None:
    """
    Fill in the key salt and token lifetime, then run the parent initialiser.

    A truthy ``key_salt`` or ``TIMEOUT`` already present on the object is
    kept. Otherwise the salt falls back to the dotted path string below and
    the lifetime to ``settings.PASSWORDLESS_LOGIN_TIMEOUT``.
    """
    salt = self.key_salt
    if not salt:
        salt = "hypha.apply.users.tokens.PasswordlessLoginTokenGenerator"
    self.key_salt = salt

    lifetime = self.TIMEOUT
    if not lifetime:
        # The test is on truthiness, so a TIMEOUT of 0 is also replaced by
        # the configured setting rather than meaning "expire immediately".
        lifetime = settings.PASSWORDLESS_LOGIN_TIMEOUT
    self.TIMEOUT = lifetime

    # Both attributes are assigned before the parent initialiser runs.
    super().__init__()

key_salt class-attribute instance-attribute

key_salt = key_salt or 'hypha.apply.users.tokens.PasswordlessLoginTokenGenerator'

TIMEOUT class-attribute instance-attribute

TIMEOUT = TIMEOUT or PASSWORDLESS_LOGIN_TIMEOUT

check_token

check_token(user, token)

Check that a token is correct for a given user.

Source code in hypha/apply/users/tokens.py
def check_token(self, user, token):
    """
    Return True only if ``token`` is a valid, unexpired token for ``user``.

    False is returned when either argument is falsy, when the token does not
    split into exactly two "-"-separated parts, when ``base36_to_int`` rejects
    the first part, when none of the configured secrets reproduces the token,
    or when the token is older than ``self.TIMEOUT``.
    """
    if not user or not token:
        return False

    # Expected layout is "<base36 timestamp>-<remainder>". A wrong number of
    # parts and a bad timestamp both surface as ValueError.
    try:
        stamp_b36, _unused = token.split("-")
        issued_at = base36_to_int(stamp_b36)
    except ValueError:
        return False

    # Recompute the token from (user, timestamp, secret) and compare it with
    # the presented one via constant_time_compare. Every entry of
    # secret_fallbacks is accepted, so tokens made under an old secret keep
    # validating until that secret is removed from the fallbacks.
    candidate_secrets = [self.secret, *self.secret_fallbacks]
    authentic = any(
        constant_time_compare(
            self._make_token_with_timestamp(user, issued_at, key),
            token,
        )
        for key in candidate_secrets
    )
    if not authentic:
        return False

    # Expiry is only evaluated after the token has matched, using the
    # timestamp that was fed into the recomputation above.
    # NOTE(review): nothing here records that a token was used; whether a
    # token stops validating after use depends on what
    # _make_token_with_timestamp hashes. Confirm against that method.
    age = self._num_seconds(self._now()) - issued_at
    return not (age > self.TIMEOUT)

PasswordlessSignupTokenGenerator

PasswordlessSignupTokenGenerator()

Bases: PasswordlessLoginTokenGenerator

Source code in hypha/apply/users/tokens.py
def __init__(self) -> None:
    """
    Fill in the key salt and token lifetime, then run the parent initialiser.

    A truthy ``key_salt`` or ``TIMEOUT`` already present on the object is
    kept. Otherwise the salt falls back to the dotted path string below and
    the lifetime to ``settings.PASSWORDLESS_SIGNUP_TIMEOUT``.
    """
    salt = self.key_salt
    if not salt:
        # NOTE(review): this fallback names the *login* generator although the
        # timeout below is the signup one. If key_salt is not set elsewhere,
        # signup and login tokens are derived with the same salt. Confirm that
        # this is intended and that the hashed state keeps the two token kinds
        # from being accepted in place of each other.
        salt = "hypha.apply.users.tokens.PasswordlessLoginTokenGenerator"
    self.key_salt = salt

    lifetime = self.TIMEOUT
    if not lifetime:
        # The test is on truthiness, so a TIMEOUT of 0 is also replaced by
        # the configured setting rather than meaning "expire immediately".
        lifetime = settings.PASSWORDLESS_SIGNUP_TIMEOUT
    self.TIMEOUT = lifetime

    # Both attributes are assigned before the parent initialiser runs.
    super().__init__()

key_salt class-attribute instance-attribute

key_salt = key_salt or 'hypha.apply.users.tokens.PasswordlessLoginTokenGenerator'

TIMEOUT class-attribute instance-attribute

TIMEOUT = TIMEOUT or PASSWORDLESS_SIGNUP_TIMEOUT

check_token

check_token(user, token)

Check that a token is correct for a given user.

Source code in hypha/apply/users/tokens.py
def check_token(self, user, token):
    """
    Return True only if ``token`` is a valid, unexpired token for ``user``.

    False is returned when either argument is falsy, when the token does not
    split into exactly two "-"-separated parts, when ``base36_to_int`` rejects
    the first part, when none of the configured secrets reproduces the token,
    or when the token is older than ``self.TIMEOUT``.
    """
    if not user or not token:
        return False

    # Expected layout is "<base36 timestamp>-<remainder>". A wrong number of
    # parts and a bad timestamp both surface as ValueError.
    try:
        stamp_b36, _unused = token.split("-")
        issued_at = base36_to_int(stamp_b36)
    except ValueError:
        return False

    # Recompute the token from (user, timestamp, secret) and compare it with
    # the presented one via constant_time_compare. Every entry of
    # secret_fallbacks is accepted, so tokens made under an old secret keep
    # validating until that secret is removed from the fallbacks.
    candidate_secrets = [self.secret, *self.secret_fallbacks]
    authentic = any(
        constant_time_compare(
            self._make_token_with_timestamp(user, issued_at, key),
            token,
        )
        for key in candidate_secrets
    )
    if not authentic:
        return False

    # Expiry is only evaluated after the token has matched, using the
    # timestamp that was fed into the recomputation above.
    # NOTE(review): nothing here records that a token was used; whether a
    # token stops validating after use depends on what
    # _make_token_with_timestamp hashes. Confirm against that method.
    age = self._num_seconds(self._now()) - issued_at
    return not (age > self.TIMEOUT)