h^SSKJr SSKJr SSKJrJr SSKJrJr "SS5r \ "5r g))datetime)settings)constant_time_compare salted_hmac) base36_to_int int_to_base36c\rSrSrSrSrSrSrSrSr Sr Sr \ "\ \ 5r SrS r\ "\\5rS rS rS rS rSrSrSrg)PasswordResetTokenGeneratorzU Strategy object used to generate and check tokens for the password reset mechanism. z6django.contrib.auth.tokens.PasswordResetTokenGeneratorNc8UR=(d SUlg)Nsha256) algorithmselfs L/var/www/html/env/lib/python3.13/site-packages/django/contrib/auth/tokens.py__init__$PasswordResetTokenGenerator.__init__s38cHUR=(d [R$N)_secretr SECRET_KEYrs r _get_secret'PasswordResetTokenGenerator._get_secrets||2x222rcXlgr)r)rsecrets r _set_secret'PasswordResetTokenGenerator._set_secrets rcTURc[R$UR$r)_secret_fallbacksrSECRET_KEY_FALLBACKSrs r_get_fallbacks*PasswordResetTokenGenerator._get_fallbackss&  ! ! )00 0%%%rcXlgr)r )r fallbackss r_set_fallbacks*PasswordResetTokenGenerator._set_fallbacks#s!*rcvURUURUR55UR5$)zQ Return a token that can be used once to do a password reset for the given user. )_make_token_with_timestamp _num_seconds_nowr)rusers r make_token&PasswordResetTokenGenerator.make_token(s5 ..    diik * KK  rcU(aU(dgURS5up4[U5nUR/URQH&n[ UR XU5U5(dM& O gURUR55U- [R:agg![a gf=f![a gf=f)z@ Check that a password reset token is correct for a given user. F-T) split ValueErrorrrsecret_fallbacksrr)r*r+rPASSWORD_RESET_TIMEOUT)rr,tokents_b36_tsrs r check_token'PasswordResetTokenGenerator.check_token3s  C(IF v&B {{;T%:%:;F$//&A <   diik *R /83R3R R-     s"B* B:* B76B7: CCc[U5n[URURX5UURS9R 5SSS2nU<SU<3$)N)rrr0)rrkey_salt_make_hash_valuer hexdigest)rr, timestamprr6 hash_strings rr)6PasswordResetTokenGenerator._make_token_with_timestampTsYy)! MM  ! !$ 2nn  )+ aC  !+..rcURcSOURRSSS9nUR5n[XS5=(d SnURUR UUU3$)ab Hash the user's primary key, email (if available), and some user state that's sure to change after a password reset to produce a token that is invalidated when it's used: 1. The password field will change upon a password reset (even if the same password is chosen, due to password salting). 2. The last_login field will usually be updated very shortly after a password reset. Failing those things, settings.PASSWORD_RESET_TIMEOUT eventually invalidates the token. Running this data through salted_hmac() prevents password cracking attempts using the reset token, provided the secret isn't compromised. Nr) microsecondtzinfo) last_loginreplaceget_email_field_namegetattrpkpassword)rr,r@login_timestamp email_fieldemails rr>,PasswordResetTokenGenerator._make_hash_valuebst&& ((Qt(D  //1 2.4"''4==//):9+eWMMrcP[U[SSS5- R55$)Ni)intr total_seconds)rdts rr*(PasswordResetTokenGenerator._num_seconds|s$B$1--<<>??rc,[R"5$r)rnowrs rr+ PasswordResetTokenGenerator._nows||~r)rr r)__name__ __module__ __qualname____firstlineno____doc__r=rrr rrrpropertyrr"r&r3r-r9r)r>r*r+__static_attributes__rrr r sv HHIG43k; /F& + ?  B /N4@rr N) r django.confrdjango.utils.cryptorrdjango.utils.httprrr default_token_generatorrarrrfs) B:yyx67r