From 384d6083c4297412d38376c742a8b50eb92d6480 Mon Sep 17 00:00:00 2001
From: Joseph Schorr
Date: Thu, 26 Mar 2015 20:04:32 -0400
Subject: [PATCH] Make sure to conduct login after the password change now that the session will be invalidated for the user
---
 endpoints/api/user.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/endpoints/api/user.py b/endpoints/api/user.py
index 9ccb1d7aa..b5d260516 100644
--- a/endpoints/api/user.py
+++ b/endpoints/api/user.py
@@ -225,8 +225,13 @@ class User(ApiResource):
 if 'password' in user_data:
 logger.debug('Changing password for user: %s', user.username)
 log_action('account_change_password', user.username)
+
+ # Change the user's password.
 model.change_password(user, user_data['password'])
+ # Login again to reset their session cookie.
+ common_login(user)
+
 if features.MAILING:
 send_password_changed(user.username, user.email)
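Review bot: The result of the added `common_login(user)` call is discarded, so if the re-login does not succeed the request still reports a successful update while the client is left holding the session that `model.change_password` just invalidated. If `common_login` signals failure through its return value (its definition is not visible here), check it, e.g. `if not common_login(user):`, and log and return an error on that branch. The comment above the call would be more useful if it stated the reason, e.g. `# change_password invalidates existing sessions; log in again so this client keeps a valid one.` The enclosing method of `User` starts and ends outside the hunk.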