What is the best way to generate a reset token in Python?

無奈伤痛 2021-02-05 15:46

I'm trying to make a validation process for a password reset. What I've used are two values: the epoch time, and I want to use the user's old password (pbkdf2) as a key,

2 Answers
  •  误落风尘
    2021-02-05 16:41

    Not sure it's the best way, but I'd probably just generate a UUID4, which can be used in a URL to reset the password and expire it after 'n' amount of time.

    >>> import uuid
    >>> uuid.uuid4().hex
    '8c05904f0051419283d1024fc5ce1a59'
    

    You could use something like http://redis.io to hold that key, with a value of the appropriate user ID and set its time to live. So, when something comes in from http://example.com/password-reset/8c05904f0051419283d1024fc5ce1a59 it looks to see if it's valid and if so then allows changes to set a new password.

    If you did want a "validation pin", then store along with the token a small random key, e.g.:

    >>> from string import digits
    >>> # secrets draws from the OS CSPRNG; the random module is not meant for security values
    >>> from secrets import choice
    >>> ''.join(choice(digits) for i in range(4))
    '2545'
    

    And request that be entered on the reset link.
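
The flow this answer describes (random token in the URL, a server-side record with a time to live, an optional PIN), as an added example that is not part of the original answer. It uses `secrets.token_urlsafe` in place of `uuid4`; `ResetStore`, `TOKEN_TTL` and `MAX_PIN_TRIES` are hypothetical names, and an in-memory dict stands in for Redis.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60   # assumed lifetime in seconds (the 'n' in the answer)
MAX_PIN_TRIES = 3     # assumed limit; a 4-digit PIN has only 10,000 values


class ResetStore:
    """In-memory stand-in for the Redis key/TTL store the answer suggests."""

    def __init__(self, clock=time.time):
        self._rows = {}       # sha256(token) -> [user_id, pin, expires_at, tries]
        self._clock = clock

    @staticmethod
    def _key(token):
        # Store only a digest so a leaked store does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)                      # goes in the URL
        pin = "".join(secrets.choice("0123456789") for _ in range(4))
        self._rows[self._key(token)] = [user_id, pin, self._clock() + TOKEN_TTL, 0]
        return token, pin

    def redeem(self, token, pin):
        """Return the user id once for a valid token and PIN, else None."""
        key = self._key(token)
        row = self._rows.get(key)
        if row is None:
            return None
        user_id, real_pin, expires_at, tries = row
        if self._clock() >= expires_at or tries >= MAX_PIN_TRIES:
            del self._rows[key]                                # expired or locked out
            return None
        if not hmac.compare_digest(pin.encode(), real_pin.encode()):
            row[3] += 1                                        # count the failed guess
            return None
        del self._rows[key]                                    # single use
        return user_id
```

With Redis, the expiry check is replaced by setting the key's time to live when the record is written, and the delete-on-success step still applies.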
