mirror of
https://github.com/encode/django-rest-framework.git
synced 2025-10-08 04:46:39 +03:00
97a771c405
* Refactor token generation to use secrets module * test: Add focused tests for Token.generate_key() method - Add test for valid token format (40 hex characters) - Add collision resistance test with 500 sample size - Add basic randomness quality validation - Ensure generated keys are unique and properly formatted
55 lines
1.5 KiB
Python
55 lines
1.5 KiB
Python
import secrets
|
|
|
|
from django.conf import settings
|
|
from django.db import models
|
|
from django.utils.translation import gettext_lazy as _
|
|
|
|
|
|
class Token(models.Model):
|
|
"""
|
|
The default authorization token model.
|
|
"""
|
|
key = models.CharField(_("Key"), max_length=40, primary_key=True)
|
|
user = models.OneToOneField(
|
|
settings.AUTH_USER_MODEL, related_name='auth_token',
|
|
on_delete=models.CASCADE, verbose_name=_("User")
|
|
)
|
|
created = models.DateTimeField(_("Created"), auto_now_add=True)
|
|
|
|
class Meta:
|
|
# Work around for a bug in Django:
|
|
# https://code.djangoproject.com/ticket/19422
|
|
#
|
|
# Also see corresponding ticket:
|
|
# https://github.com/encode/django-rest-framework/issues/705
|
|
abstract = 'rest_framework.authtoken' not in settings.INSTALLED_APPS
|
|
verbose_name = _("Token")
|
|
verbose_name_plural = _("Tokens")
|
|
|
|
def save(self, *args, **kwargs):
|
|
if not self.key:
|
|
self.key = self.generate_key()
|
|
return super().save(*args, **kwargs)
|
|
|
|
@classmethod
|
|
def generate_key(cls):
|
|
return secrets.token_hex(20)
|
|
|
|
def __str__(self):
|
|
return self.key
|
|
|
|
|
|
class TokenProxy(Token):
|
|
"""
|
|
Proxy mapping pk to user pk for use in admin.
|
|
"""
|
|
@property
|
|
def pk(self):
|
|
return self.user_id
|
|
|
|
class Meta:
|
|
proxy = 'rest_framework.authtoken' in settings.INSTALLED_APPS
|
|
abstract = 'rest_framework.authtoken' not in settings.INSTALLED_APPS
|
|
verbose_name = _("Token")
|
|
verbose_name_plural = _("Tokens")
|