我想为使用 Google App Engine 的用户模型生成密码重置令牌。显然,我们不允许在 GAE 中轻松使用 Django,因此 Django 生成令牌的方法的原始代码是:
def _make_token_with_timestamp(self, user, timestamp):
# timestamp is number of days since 2001-1-1. Converted to
# base 36, this gives us a 3 digit string until about 2121
ts_b36 = int_to_base36(timestamp)
# By hashing on the internal state of the user and using state
# that is sure to change (the password salt will change as soon as
# the password is set, at least for current Django auth, and
# last_login will also change), we produce a hash that will be
# invalid as soon as it is used.
# We limit the hash to 20 chars to keep URL short
key_salt = "django.contrib.auth.tokens.PasswordResetTokenGenerator"
# Ensure results are consistent across DB backends
login_timestamp = user.last_login.replace(microsecond=0, tzinfo=None)
value = (unicode(user.id) + user.password +
unicode(login_timestamp) + unicode(timestamp))
hash = salted_hmac(key_salt, value).hexdigest()[::2]
return "%s-%s" % (ts_b36, hash)
Python 不是我的专业语言,因此我需要一些帮助来编写类似于上述方法的自定义方法。我只有几个问题。首先,时间戳的目的是什么?Django 有自己的用户系统,而我使用的是我自己的简单自定义用户模型。我需要保留上述代码的哪些方面,我可以取消哪些方面?