Tweaks to Token auth

1 files changed, 24 insertions, 5 deletions

diff --git a/djangorestframework/tokenauth/models.py b/djangorestframework/tokenauth/models.py
index f289b0fd..e8886112 100644
--- a/djangorestframework/tokenauth/models.py
+++ b/djangorestframework/tokenauth/models.py
@@ -1,15 +1,34 @@
 import uuid
+import hmac
+from hashlib import sha1
 from django.db import models
 
-class BasicToken(models.Model):
+
+class TokenManager(models.Manager):
+    """
+    Manager class to provide `Token.objects.create_token(user=user)`.
+    """
+    def create_token(self, user):
+        token = Token(user=user)
+        token.save()
+        return token
+
+
+class Token(models.Model):
     """
-    The default authorization token model class.
+    The default authorization token model.
     """
-    key = models.CharField(max_length=32, primary_key=True, blank=True)
+    key = models.CharField(max_length=40, primary_key=True)
     user = models.ForeignKey('auth.User')
     revoked = models.BooleanField(default=False)
+    created = models.DateTimeField(auto_now_add=True)
+    objects = TokenManager()
 
     def save(self, *args, **kwargs):
         if not self.key:
-            self.key = uuid.uuid4().hex
-        return super(BasicToken, self).save(*args, **kwargs)
+            self.key = self.generate_key()
+        return super(Token, self).save(*args, **kwargs)
+
+    def generate_key(self):
+        unique = str(uuid.uuid4())
+        return hmac.new(unique, digestmod=sha1).hexdigest()