Token generator for user actions

misago/users/tests/test_tokens.py

@@ -0,0 +1,20 @@
+from django.contrib.auth import get_user_model
+from django.test import TestCase
+
+from misago.users import tokens
+
+
+class TokensTests(TestCase):
+    def test_tokens(self):
+        """misago.users.tokens implementation works"""
+        User = get_user_model()
+
+        user_a = User.objects.create_user('Bob', 'bob@test.com', 'pass123')
+        user_b = User.objects.create_user('Weebl', 'weebl@test.com', 'pass123')
+
+        token_a = tokens.make(user_a, 'test')
+        token_b = tokens.make(user_b, 'test')
+
+        self.assertTrue(tokens.is_valid(token_a, user_a, 'test'))
+        self.assertTrue(tokens.is_valid(token_b, user_b, 'test'))
+        self.assertTrue(token_a != token_b)

misago/users/tokens.py

@@ -0,0 +1,20 @@
+from hashlib import sha256
+
+from django.conf import settings
+
+
+def make(user, token_type):
+    seeds = (
+        user.pk,
+        user.email,
+        user.password,
+        user.last_login.replace(microsecond=0, tzinfo=None),
+        token_type,
+        settings.SECRET_KEY,
+    )
+
+    return sha256('+'.join([unicode(s) for s in seeds])).hexdigest()[:12]
+
+
+def is_valid(token, user, token_type):
+    return token == make(user, token_type)