Token URL matching too specific, breaks in Django 3.1
jleclanche opened this issue · comments
RegistrationTokenGenerator
subclasses PasswordResetTokenGenerator
:
The generated token is matched against a URL in get_urls()
of the various backends:
However, the token portion of the code is very aggressively matching against (?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})
.
In Django 3.1, the token generation algorithm has changed:
Django too changed its path matching to just match an arbitrary chunk of text, rather than the very specific (?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})
.
Thank you, this is a mild bummer but a really helpful description.
django-organizations/organizations/backends/tokens.py
Lines 68 to 69 in 005df1f
This is also a problem, _num_days
is gone in 3.1:
django/django@226ebb1#diff-d992e9c01fee91337af54701e0dd8125