Commit 42950931 authored by Samuel GAIST

[accounts][view] Properly refresh session after password change

For more information:
https://docs.djangoproject.com/en/3.1/topics/auth/default/#session-invalidation-on-password-change

Fixes #581
parent bbac1d98
Pipeline #46615 passed with stage
in 17 minutes and 14 seconds
......@@ -29,6 +29,7 @@ import datetime
from django.conf import settings
from django.contrib import messages
from django.contrib.auth import update_session_auth_hash
from django.contrib.auth.decorators import login_required
from django.contrib.auth.forms import PasswordChangeForm
from django.contrib.auth.models import User
......@@ -62,6 +63,7 @@ def account_settings(request):
messages.add_message(
request, messages.SUCCESS, "Password changed successfully"
)
update_session_auth_hash(request, password_change_form.user)
elif "token" in request.POST:
user.auth_token.delete()
......
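Review bot: The `update_session_auth_hash(request, password_change_form.user)` call in `account_settings` only keeps the current session valid if it runs after the form has saved the new password, and the visible context shows neither the `is_valid()` check nor the `save()` call. Please confirm the call sits inside the valid-form branch, after `password_change_form.save()`, since the session hash is derived from the stored password. A regression test that posts a password change and asserts the next request is still authenticated would pin down the fix for #581. The user's other sessions are still invalidated by Django after the change, while the API token handled in the `elif "token" in request.POST` branch is left untouched by a password change; if that is intended, a short comment here would make it explicit.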