Login/Register
setting expiration time to django password reset token
Asked Answered
Solved pythondjangodjango-users
S

3

27

I am using the inbuilt password reset functionality of Django which emails the user the password reset link. Is there an option in Django to set an expiration time to the link suppose 6 hours after which the link become invalid and user will have to request again for password recovery.

Succory answered 16/1, 2014 at 7:1 Comment(0)
S
39

If you're using Django's built-in password reset functionality, you can use the setting PASSWORD_RESET_TIMEOUT_DAYS.

Example: if a user uses a password reset link that was generated 2 days ago and you have PASSWORD_RESET_TIMEOUT_DAYS=1 in your project's settings, the link will be invalid and the user cannot continue.

More info here: https://docs.djangoproject.com/en/stable/ref/settings/#password-reset-timeout-days

Supramolecular answered 20/3, 2014 at 2:55 Comment(0)
T
19

Django includes functionality to expire the token in less than 1 day in Django 3.1 or newer. Use the setting PASSWORD_RESET_TIMEOUT which takes number of seconds after which token will expire.

PASSWORD_RESET_TIMEOUT = 259200 # 3 days, in seconds

Documentation: https://docs.djangoproject.com/en/stable/ref/settings/#password-reset-timeout

Tapping answered 23/7, 2020 at 10:40 Comment(1)
Actually, by default, it expires after 3 daysBolster
C
0

function

def convert_to_seconds(days: int = 0, hours: int = 0, minutes: int = 0, seconds: int = 0):
    """
        # Convert time information to seconds.

        - Args:
            - `days` (`int`): Number of days. `Default: 0`.
            - `hours` (`int`): Number of hours. `Default: 0`.
            - `minutes` (`int`): Number of minutes. `Default: 0`.
            - `seconds` (`int`): Number of seconds. `Default: 0`.

        - Returns:
            - int: Total seconds for the specified time.

        Example:
        ```
        >>> convert_to_seconds(days=2, hours=12, minutes=30, seconds=15)
        210015
        >>> convert_to_seconds(hours=1, minutes=30)
        5400
        >>> convert_to_seconds(minutes=30)
        1800
        >>> convert_to_seconds(minutes=30, seconds=10)
        1810
        >>> convert_to_seconds(minutes=30, seconds=155550)
        157350
        >>> convert_to_seconds(days=365)
        31536000
        >>> 

        ```
    """
    total_seconds = days * 24 * 60 * 60  # Convert days to seconds
    total_seconds += hours * 60 * 60  # Convert hours to seconds
    total_seconds += minutes * 60  # Convert minutes to seconds
    total_seconds += seconds  # Seconds to seconds
    return int(total_seconds)

settings.py

PASSWORD_RESET_TIMEOUT = convert_to_seconds(minutes=30)
Cherise answered 29/4 at 19:31 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.