make sure when user changes password, log user out on other browsers
This commit is contained in:
parent
fdc23b3107
commit
5d7e10f776
|
@ -1,3 +1,5 @@
|
||||||
|
import uuid
|
||||||
|
|
||||||
from flask import request, flash, render_template, url_for, g
|
from flask import request, flash, render_template, url_for, g
|
||||||
from flask_wtf import FlaskForm
|
from flask_wtf import FlaskForm
|
||||||
from wtforms import StringField, validators
|
from wtforms import StringField, validators
|
||||||
|
@ -50,6 +52,7 @@ def reset_password():
|
||||||
return render_template("auth/reset_password.html", form=form, error=error)
|
return render_template("auth/reset_password.html", form=form, error=error)
|
||||||
|
|
||||||
user.set_password(new_password)
|
user.set_password(new_password)
|
||||||
|
|
||||||
flash("Your new password has been set", "success")
|
flash("Your new password has been set", "success")
|
||||||
|
|
||||||
# this can be served to activate user too
|
# this can be served to activate user too
|
||||||
|
@ -57,6 +60,10 @@ def reset_password():
|
||||||
|
|
||||||
# remove the reset password code
|
# remove the reset password code
|
||||||
ResetPasswordCode.delete(reset_password_code.id)
|
ResetPasswordCode.delete(reset_password_code.id)
|
||||||
|
|
||||||
|
# change the alternative_id to log user out on other browsers
|
||||||
|
user.alternative_id = str(uuid.uuid4())
|
||||||
|
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
|
||||||
# do not use login_user(user) here
|
# do not use login_user(user) here
|
||||||
|
|
|
@ -438,8 +438,8 @@ def fake_data():
|
||||||
|
|
||||||
|
|
||||||
@login_manager.user_loader
|
@login_manager.user_loader
|
||||||
def load_user(user_id):
|
def load_user(alternative_id):
|
||||||
user = User.get(user_id)
|
user = User.get_by(alternative_id=alternative_id)
|
||||||
if user and user.disabled:
|
if user and user.disabled:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue