setting expiration time to django password reset token

python django django-users
Sar009 picture Sar009 · Jan 16, 2014 · Viewed 11.8k times · Source

I am using the inbuilt password reset functionality of Django which emails the user the password reset link. Is there an option in Django to set an expiration time to the link suppose 6 hours after which the link become invalid and user will have to request again for password recovery.

Answer

Ed Patrick Tan picture Ed Patrick Tan · Mar 20, 2014

If you're using Django's built-in password reset functionality, you can use the setting PASSWORD_RESET_TIMEOUT_DAYS.

Example: if a user uses a password reset link that was generated 2 days ago and you have PASSWORD_RESET_TIMEOUT_DAYS=1 in your project's settings, the link will be invalid and the user cannot continue.

More info here: https://docs.djangoproject.com/en/2.2/ref/settings/#password-reset-timeout-days

Related questions

How to use 'User' as foreign key in Django 1.5

I have made a custom profile model which looks like this: from django.db import models from django.contrib.auth.models import User class UserProfile(models.Model): user = models.ForeignKey('User', unique=True) name = models.CharField(max_length=30) occupation = models.…

Read More
request.user returns a SimpleLazyObject, how do I "wake" it?

I have the following method: def _attempt(actor): if actor.__class__ != User: raise TypeError Which is called from a view: self.object.attempt(self.request.user) As you can see, the _attempt method expects actor to be type django.contrib.…

Read More
How to delete user in django?

This may sounds a stupid question but I have difficulty deleting users in django using this view: @staff_member_required def del_user(request, username): try: u = User.objects.get(username = username) u.delete() messages.sucess(request, "The user is …

Read More