Instead of deleting expired tokens: allow to reenable them

[atar-axis]

It would be pretty nice to offer the possibility to re-enable deactivated tokens instead of deleting them.

My use case:
Initially all my users are going to get random passwords, so they cannot log in. I do this because I have to change some data on their accounts, even if they do not use their account.
But I would like to give them the "password change token" as a "registration token", printed on a card.
The users are asked to login and set (in fact change) their password within 24 hours, but I expect that some will not manage to change it in the given time.

Instead of printing a new activation token, it would be nice to just "re-enable" the old one for another 24 hours.

Is this something which is a lot of work? I am relatively new to Django so I fear I cannot do it myself, but I would be glad to be of any help you need.

[anx-ckreuzberger]

I don't think that this is a use-case that should be implemented within django-rest-passwordreset.

Re-enabling tokens is also sub-optimal, I would recommend to change the expiry time based on token type (e.g., you could have two token types, one for registration and one for password_reset).

As I'm time-constraint on supporting this library I would like to keep the footprint as small as possible, and not introduce new features.

I'll keep this issue open for others to comment on this, and maybe someone will create a fork that supports this behaviour.

[calhouncole]

@anx-ckreuzberger Are there any examples as to how one can change the expiry time based on token type (i.e. one for registration and one for password_reset) as you mention above?

It would be extremely useful if we could easily use this library's methodology for both use cases.