Make sure to conduct login after the password change now that the session will be invalidated for the user
This commit is contained in:
Joseph Schorr
parent
7b1d35737e
commit
384d6083c4
1 changed files with 5 additions and 0 deletions
|
|
@ -225,8 +225,13 @@ class User(ApiResource):
|
|||
if 'password' in user_data:
|
||||
logger.debug('Changing password for user: %s', user.username)
|
||||
log_action('account_change_password', user.username)
|
||||
|
||||
# Change the user's password.
|
||||
model.change_password(user, user_data['password'])
|
||||
|
||||
# Login again to reset their session cookie.
|
||||
common_login(user)
|
||||
|
||||
if features.MAILING:
|
||||
send_password_changed(user.username, user.email)
|
||||
|
||||
|
|
|
|||
Reference in a new issue