Merge pull request #218 from simple-login/not-reuse-password

make sure user cannot reuse the old password
Son Nguyen Kim 2020-05-30 19:57:47 +02:00 committed by GitHub
commit 677236b9a6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions


@ -42,9 +42,14 @@ def reset_password():
if form.validate_on_submit():
user = reset_password_code.user
new_password = form.password.data
user.set_password(form.password.data)
# avoid user reusing the old password
if user.check_password(new_password):
error = "You cannot reuse the same password"
return render_template("auth/reset_password.html", form=form, error=error)
user.set_password(new_password)
flash("Your new password has been set", "success")
# this can be served to activate user too
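Review bot: The early return under `if user.check_password(new_password):` gives a different response depending on whether the submitted value equals the current password, and as far as this hunk shows it leaves the reset code valid and the account unchanged. Whoever holds a reset link can therefore resubmit the form repeatedly and get a yes/no answer about the current password, so consider bounding submissions per reset code (or expiring the code after a few rejected attempts) and logging each rejection so that repeated hits are visible. It is also worth confirming that `check_password` behaves sensibly for an account with no stored password hash, if such accounts exist; that cannot be seen from here. A short comment such as `# the reset code stays valid on this path; retries must be limited` would make the intent explicit. `reset_password()` starts and ends outside the hunk, so a limit may already be applied on the route.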