From bcc7a9580b43a7ed47ef925977c5bbc192f7ee60 Mon Sep 17 00:00:00 2001
From: Jimmy Zelinskie <jimmy.zelinskie@coreos.com>
Date: Thu, 26 Mar 2015 16:30:41 -0400
Subject: [PATCH] models: change UUID of user on password change

This prevents old cookies from continuing to work after a password has
been changed.
---
 data/model/legacy.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/model/legacy.py b/data/model/legacy.py
index aa968408c..2fcbfcf68 100644
--- a/data/model/legacy.py
+++ b/data/model/legacy.py
@@ -905,6 +905,7 @@ def change_password(user, new_password):
   pw_hash = hash_password(new_password)
   user.invalid_login_attempts = 0
   user.password_hash = pw_hash
+  user.uuid = str(uuid4())
   user.save()
 
   # Remove any password required notifications for the user.