bennylope / django-organizations

:couple: Multi-user accounts for Django projects
http://django-organizations.readthedocs.org/
BSD 2-Clause "Simplified" License

Token URL matching too specific, breaks in Django 3.1 #198

Closed jleclanche closed 4 years ago

jleclanche commented 4 years ago

RegistrationTokenGenerator subclasses PasswordResetTokenGenerator:

https://github.com/bennylope/django-organizations/blob/a779c4101c76d7b953a02159e6290627e0ce55e1/organizations/backends/tokens.py#L35

The generated token is matched against a URL in get_urls() of the various backends:

https://github.com/bennylope/django-organizations/blob/a779c4101c76d7b953a02159e6290627e0ce55e1/organizations/backends/defaults.py#L222

https://github.com/bennylope/django-organizations/blob/a779c4101c76d7b953a02159e6290627e0ce55e1/organizations/backends/defaults.py#L325

However, the token portion of the code is very aggressively matching against (?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20}).

In Django 3.1, the token generation algorithm has changed:

https://github.com/django/django/pull/12374

Django too changed its path matching to just match an arbitrary chunk of text, rather than the very specific (?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20}).
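As an added illustration (not code from the issue or from django-organizations), the script below compares the strict URL regex quoted above with a shape-agnostic pattern equivalent to Django's str path converter, against two constructed tokens: a legacy-shaped one (short base36 timestamp, 20-character hash half) and one built to mimic the longer hash half of Django 3.1 tokens. The hash values are dummies; the real check remains check_token(), which the loose pattern leaves untouched.

```python
import re

# URL fragment quoted in this issue: it hard-codes the pre-3.1 token shape
# (<=13 base36 chars, a dash, <=20 alphanumerics).
STRICT_TOKEN_PATTERN = re.compile(r"^(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})$")

# Shape-agnostic alternative: any slash-free segment, like Django's <str:token>.
# Routing only; token validity is still decided by check_token() in the view.
LOOSE_TOKEN_PATTERN = re.compile(r"^(?P<token>[^/]+)$")


def int_to_base36(i: int) -> str:
    """Base36 encoding, as used for the timestamp half of the token."""
    digits = "0123456789abcdefghijklmnopqrstuvwxyz"
    if i == 0:
        return "0"
    out = ""
    while i:
        i, rem = divmod(i, 36)
        out = digits[rem] + out
    return out


def make_token(timestamp: int, hash_len: int) -> str:
    """Constructed token '<base36 ts>-<hash>'; the hash is a dummy, not an HMAC."""
    fake_hash = ("0123456789abcdef" * 4)[:hash_len]
    return f"{int_to_base36(timestamp)}-{fake_hash}"


def url_matches(pattern: re.Pattern, token: str) -> bool:
    """True if the URL regex would route a request carrying this token."""
    return pattern.fullmatch(token) is not None


# Both a day count and a seconds count fit in 13 base36 chars, so the
# timestamp half is not what overflows the strict pattern; the hash half is.
LEGACY_TOKEN = make_token(7000, 20)             # "5eg-0123456789abcdef0123"
NEW_STYLE_TOKEN = make_token(600_000_000, 32)   # 32-char hash half (constructed)


def routing_report() -> dict:
    """Which pattern routes which token shape."""
    return {
        "legacy_strict": url_matches(STRICT_TOKEN_PATTERN, LEGACY_TOKEN),
        "new_strict": url_matches(STRICT_TOKEN_PATTERN, NEW_STYLE_TOKEN),
        "legacy_loose": url_matches(LOOSE_TOKEN_PATTERN, LEGACY_TOKEN),
        "new_loose": url_matches(LOOSE_TOKEN_PATTERN, NEW_STYLE_TOKEN),
    }
```

Loosening the routing regex does not weaken the token: an attacker-chosen string still has to pass check_token()'s HMAC comparison, so the URL pattern was never the security boundary.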

bennylope commented 4 years ago

Thank you, this is a mild bummer but a really helpful description.

jleclanche commented 4 years ago

https://github.com/bennylope/django-organizations/blob/005df1fe2e58a1177510bfa4fa31d11039d3bf60/organizations/backends/tokens.py#L68-L69

This is also a problem, _num_days is gone in 3.1: https://github.com/django/django/commit/226ebb17290b604ef29e82fb5c1fbac3594ac163#diff-d992e9c01fee91337af54701e0dd8125