Loading django/contrib/auth/tests/tokens.py +11 −0 Original line number Diff line number Diff line Loading @@ -50,3 +50,14 @@ class TokenGeneratorTest(TestCase): p2 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1)) self.assertFalse(p2.check_token(user, tk1)) def test_date_length(self): """ Make sure we don't allow overly long dates, causing a potential DoS. """ user = User.objects.create_user('ima1337h4x0r', 'test4@example.com', 'p4ssw0rd') p0 = PasswordResetTokenGenerator() # This will put a 14-digit base36 timestamp into the token, which is too large. tk1 = p0._make_token_with_timestamp(user, 175455491841851871349) self.assertFalse(p0.check_token(user, tk1)) django/contrib/auth/urls.py +2 −2 Original line number Diff line number Diff line Loading @@ -11,7 +11,7 @@ urlpatterns = patterns('', (r'^password_change/done/$', 'django.contrib.auth.views.password_change_done'), (r'^password_reset/$', 'django.contrib.auth.views.password_reset'), (r'^password_reset/done/$', 'django.contrib.auth.views.password_reset_done'), (r'^reset/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/$', 'django.contrib.auth.views.password_reset_confirm'), (r'^reset/(?P<uidb36>[0-9A-Za-z]{1,13})-(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$', 'django.contrib.auth.views.password_reset_confirm'), (r'^reset/done/$', 'django.contrib.auth.views.password_reset_complete'), ) django/utils/http.py +6 −1 Original line number Diff line number Diff line Loading @@ -73,8 +73,13 @@ def http_date(epoch_seconds=None): def base36_to_int(s): """ Convertd a base 36 string to an integer Converts a base 36 string to an ``int``. To prevent overconsumption of server resources, raises ``ValueError` if the input is longer than 13 base36 digits (13 digits is sufficient to base36-encode any 64-bit integer). """ if len(s) > 13: raise ValueError("Base36 input too large") return int(s, 36) def int_to_base36(i): Loading Loading
django/contrib/auth/tests/tokens.py +11 −0 Original line number Diff line number Diff line Loading @@ -50,3 +50,14 @@ class TokenGeneratorTest(TestCase): p2 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1)) self.assertFalse(p2.check_token(user, tk1)) def test_date_length(self): """ Make sure we don't allow overly long dates, causing a potential DoS. """ user = User.objects.create_user('ima1337h4x0r', 'test4@example.com', 'p4ssw0rd') p0 = PasswordResetTokenGenerator() # This will put a 14-digit base36 timestamp into the token, which is too large. tk1 = p0._make_token_with_timestamp(user, 175455491841851871349) self.assertFalse(p0.check_token(user, tk1))
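Review bot: The new test pins the fix only indirectly — `self.assertFalse(p0.check_token(user, tk1))` passes only because `check_token` swallows the `ValueError` that `base36_to_int` now raises, and that handler is not in this diff, so it should be confirmed rather than assumed; nothing here covers the accepting side of the boundary either. A direct assertion on the helper would make the contract explicit, e.g. `self.assertEqual(base36_to_int('z' * 13), 36 ** 13 - 1)` and `self.assertRaises(ValueError, base36_to_int, '1' * 14)`, either alongside this test or in the django.utils tests. The "14-digit" figure in the comment checks out: 36**13 is about 1.7e20, below 175455491841851871349. The enclosing `TokenGeneratorTest` class starts before this hunk.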
django/contrib/auth/urls.py +2 −2 Original line number Diff line number Diff line Loading @@ -11,7 +11,7 @@ urlpatterns = patterns('', (r'^password_change/done/$', 'django.contrib.auth.views.password_change_done'), (r'^password_reset/$', 'django.contrib.auth.views.password_reset'), (r'^password_reset/done/$', 'django.contrib.auth.views.password_reset_done'), (r'^reset/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/$', 'django.contrib.auth.views.password_reset_confirm'), (r'^reset/(?P<uidb36>[0-9A-Za-z]{1,13})-(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$', 'django.contrib.auth.views.password_reset_confirm'), (r'^reset/done/$', 'django.contrib.auth.views.password_reset_complete'), )
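Review bot: The tightened pattern is a secondary guard, not the fix — any project URLconf that copied the old `(?P<token>.+)` form (these URLs are routinely customised) still hands unbounded `uidb36` and `token` values to `password_reset_confirm`, so the protection has to come from the length check in `base36_to_int` together with the view handling the `ValueError` it now raises for `uidb36`; the view is not in this diff, and if it does not catch `ValueError` an oversized uid becomes a 500 instead of an invalid-link page. The `{1,13}` bounds here silently duplicate the 13-digit limit in `django.utils.http`, and a comment tying them together would stop a later edit drifting: `# Length bounds mirror base36_to_int's 13-digit limit (django.utils.http); keep in sync.`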
django/utils/http.py +6 −1 Original line number Diff line number Diff line Loading @@ -73,8 +73,13 @@ def http_date(epoch_seconds=None): def base36_to_int(s): """ Convertd a base 36 string to an integer Converts a base 36 string to an ``int``. To prevent overconsumption of server resources, raises ``ValueError` if the input is longer than 13 base36 digits (13 digits is sufficient to base36-encode any 64-bit integer). """ if len(s) > 13: raise ValueError("Base36 input too large") return int(s, 36) def int_to_base36(i): Loading
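Review bot: The reST markup on the new docstring line is broken — the exception name is written as ``ValueError` with a single closing backtick, so it renders literally; it needs the matching double backtick. Beyond that, the guard bounds cost but not content: `int(s, 36)` still accepts a leading sign and surrounding whitespace, so a 13-character input such as `'-zzzzzzzzzzzz'` passes `len(s) > 13` and yields a negative value; callers that arrive through the tightened URL regex are covered by its character class, direct callers are not. If the function is meant to take only base36 digits, rejecting anything outside `[0-9a-zA-Z]` here, or stating in the docstring that alphabet validation is the caller's job, would close that gap. The 13-digit figure itself is right: 36**12 < 2**64 < 36**13.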