Update the set_password view to use update_session_auth_hash

Changing a user's password logs them out. To avoid that,
we were logging the user back in right after changing the password.

I recently discovered update_session_auth_hash, which seems to
be the proper way to do this.

Docs: https://docs.djangoproject.com/en/3.1/topics/auth/default/#session-invalidation-on-password-change
Pēteris Caune 2020-11-16 14:29:52 +02:00
parent adb7702f39
commit 1ca4caa3a8
No known key found for this signature in database
GPG Key ID: E28D7679E9A9EDE2


@ -8,7 +8,7 @@ from django.conf import settings
from django.contrib import messages
from django.contrib.auth import login as auth_login
from django.contrib.auth import logout as auth_logout
from django.contrib.auth import authenticate
from django.contrib.auth import authenticate, update_session_auth_hash
from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import User
from django.core import signing
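Review bot: the new import line keeps `authenticate` alongside `update_session_auth_hash`, yet the only call to `authenticate(...)` visible in this commit is the one being removed from `set_password`; if no other view in this file still calls it, drop it from the import to avoid leaving an unused name behind, otherwise leave a reference to that caller in the commit message so the next reader does not have to hunt for it.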
@ -480,10 +480,9 @@ def set_password(request, token):
request.profile.token = ""
request.profile.save()
# Setting a password logs the user out, so here we
# log them back in.
u = authenticate(username=request.user.email, password=password)
auth_login(request, u)
# update the session with the new password hash so that
# the user doesn't get logged out
update_session_auth_hash(request, request.user)
messages.success(request, "Your password has been set!")
return redirect("hc-profile")
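Review bot: `update_session_auth_hash(request, request.user)` only preserves the session if `request.user` is the same object whose password was just changed; the hunk does not show the `set_password()` call, so confirm it was invoked on `request.user` (not on a separately fetched `User` instance), since Django recomputes the session hash from the password field of the instance you pass, and an instance still holding the old hash would leave the session invalidated on the next request. Also worth stating in the comment that this call rotates the session key as well, so every other session for this account is logged out by design, which is the behaviour the linked docs describe and is arguably stronger than the old `authenticate()` + `auth_login()` pair, which re-ran the authentication backends just to restore a session that `login()` would then re-key anyway.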