Aleksandr Zakharov
Reputation: 384
Where does flask store token for password recovery?
I need to provide password recovery token in order to test it's functionality with integration test. But I can't trace the place its stored.
Upvotes: 0
Views: 89
Answers (1)
deceze
Reputation: 522510
Apparently it doesn't. It hashes the user's current password [hash] and their id and sends that as token. Which is entirely reasonable, since that's already user-specific information stored in the database, no need to generate yet another token. And it will even invalidate itself once the password has been changed. I'd probably add a timestamp somewhere in there though so the link isn't valid forever.
Upvotes: 2
Related Questions
- Where do I get SECRET_KEY for Flask?
- Explanation of the token-based password-reset functionality in Flask-Security
- When does Flask store the user's authentication?
- Python authlib flask - how to handle refresh token?
- How are Flask-Security tokens created?
- Token based authentication in Flask
- How do you implement token authentication in Flask?
- Flask token based password recovery / resetting How to?
- flask security auth_token_required - token authentication
- Token remember me for flask-login saved in the database?