Reputation: 1707
Where is the generated token in DJANGO stored during password reset
I am trying to access the generated token(in the database table) when I request the "forgotten password" functionality, but I cannot seem to find it.
I am using django 1.10, rest_framework, django-rest-auth. I have checked inside authtoken_token as well as inside account_emailconfirmation tables but was unsuccessfully.
In github the source code refers to this in python as token_model I think
https://github.com/Tivix/django-rest-auth/blob/master/rest_auth/utils.py
Upvotes: 6
Views: 3891
Answers (1)
Reputation: 47374
It doesn't store anywhere except user email. When user click on the provided link token parsed by PasswordResetTokenGenerator to obtain timestamp. With this timestamp PasswordResetTokenGenerator generate NEW token. And compare this new token with provided by user, see check_token method.
Upvotes: 13
Related Questions
- How to revoke refresh token on password reset?
- Where is the csrftoken stored in Django database?
- Where does Django store generated tokens resp. token links?
- Where the refresh token and access token are stored while using JWT in Django rest framework?
- destory token after logout
- Django Password Reset using Rest API
- Why django-rest-framework stores token in database?
- drf django rest auth how to expire or delete token?
- How does default_token_generator store tokens?
- django-rest-auth reset password uid and token