models: change UUID of user on password change
This prevents old cookies from continuing to work after a password has been changed.
This commit is contained in:
Jimmy Zelinskie
parent
7d13299782
commit
bcc7a9580b
1 changed files with 1 additions and 0 deletions
|
|
@ -905,6 +905,7 @@ def change_password(user, new_password):
|
|||
pw_hash = hash_password(new_password)
|
||||
user.invalid_login_attempts = 0
|
||||
user.password_hash = pw_hash
|
||||
user.uuid = str(uuid4())
|
||||
user.save()
|
||||
|
||||
# Remove any password required notifications for the user.
|
||||
|
|
|
|||
Reference in a new issue