Documentation
¶
Overview ¶
Package passlib.reset implements creation and verification of secure tokens useful for implementation of "reset forgotten password" feature in web applications.
This package generates and verifies signed one-time tokens that can be embedded in a link sent to users when they initiate the password reset procedure. When a user changes their password, or when the expiry time passes, the token becomes invalid.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrMalformedToken = errors.New("malformed token") ErrExpiredToken = errors.New("token expired") ErrWrongSignature = errors.New("wrong token signature") )
var MinLength = base64.URLEncoding.EncodedLen(decodedMinLength)
It is useful for avoiding DoS attacks with too long tokens: before passing a token to Verify function, check that it has length less than the [maximum login length allowed in your application] + MinLength.
Functions ¶
func NewToken ¶
NewToken returns a new password reset token for the given login, which expires after the given time duration since now, signed by the key generated from the given password value (which can be any value that will be changed once a user resets their password, such as password hash or salt used to generate it), and the given secret key.
func VerifyToken ¶
func VerifyToken(token string, pwdvalFn func(string) ([]byte, error), secret []byte) (string, error)
VerifyToken verifies the given token with the password value returned by the given function and the given secret key, and returns login extracted from the valid token. If the token is not valid, the function returns an error.
Function pwdvalFn must return the current password value for the login it receives in arguments, or an error. If it returns an error, VerifyToken returns the same error.
Types ¶
This section is empty.
Source Files