6

I am trying to access the generated token(in the database table) when I request the "forgotten password" functionality, but I cannot seem to find it.

I am using django 1.10, rest_framework, django-rest-auth. I have checked inside authtoken_token as well as inside account_emailconfirmation tables but was unsuccessfully.

In github the source code refers to this in python as token_model I think https://github.com/Tivix/django-rest-auth/blob/master/rest_auth/utils.py

anyavacy
  • 1,618
  • 5
  • 21
  • 43

1 Answers1

13

It doesn't store anywhere except user email. When user click on the provided link token parsed by PasswordResetTokenGenerator to obtain timestamp. With this timestamp PasswordResetTokenGenerator generate NEW token. And compare this new token with provided by user, see check_token method.

neverwalkaloner
  • 46,181
  • 7
  • 92
  • 100
  • thank you for the reply. yes I realized this at the end. `from django.contrib.auth.tokens import default_token_generator.make_token(user)` is used to generate a new token. – anyavacy Jan 06 '18 at 10:47