|
class Token(models.Model): |
|
""" |
|
The default authorization token model. |
|
""" |
|
key = models.CharField(_("Key"), max_length=40, primary_key=True) |
|
user = models.OneToOneField( |
|
settings.AUTH_USER_MODEL, related_name='auth_token', |
|
on_delete=models.CASCADE, verbose_name=_("User") |
|
) |
|
created = models.DateTimeField(_("Created"), auto_now_add=True) |
|
|
|
class Meta: |
|
# Work around for a bug in Django: |
|
# https://code.djangoproject.com/ticket/19422 |
|
# |
|
# Also see corresponding ticket: |
|
# https://github.com/encode/django-rest-framework/issues/705 |
|
abstract = 'rest_framework.authtoken' not in settings.INSTALLED_APPS |
|
verbose_name = _("Token") |
|
verbose_name_plural = _("Tokens") |
|
|
|
def save(self, *args, **kwargs): |
|
if not self.key: |
|
self.key = self.generate_key() |
|
return super().save(*args, **kwargs) |
|
|
|
@classmethod |
|
def generate_key(cls): |
|
return binascii.hexlify(os.urandom(20)).decode() |
The sample space is large 2 ** (8 * 20), but the probability is not 0 that generate_key returns a key that already exists, and then the save would update the existing one.
The smallest change, turns this into an integrity error:
def save(self, *args, **kwargs):
if not self.key:
self.key = self.generate_key()
kwargs["force_insert"] = True
return super().save(*args, **kwargs)
django-rest-framework/rest_framework/authtoken/models.py
Lines 9 to 37 in 5ad467a
The sample space is large
2 ** (8 * 20), but the probability is not 0 thatgenerate_keyreturns a key that already exists, and then the save would update the existing one.The smallest change, turns this into an integrity error: