models: change UUID of user on password change
This prevents old cookies from continuing to work after a password has been changed.
This commit is contained in:
		
							parent
							
								
									7d13299782
								
							
						
					
					
						commit
						bcc7a9580b
					
				
					 1 changed files with 1 additions and 0 deletions
				
			
		|  | @ -905,6 +905,7 @@ def change_password(user, new_password): | |||
|   pw_hash = hash_password(new_password) | ||||
|   user.invalid_login_attempts = 0 | ||||
|   user.password_hash = pw_hash | ||||
|   user.uuid = str(uuid4()) | ||||
|   user.save() | ||||
| 
 | ||||
|   # Remove any password required notifications for the user. | ||||
|  |  | |||
		Reference in a new issue