mirror of
https://github.com/simple-login/app.git
synced 2024-09-30 05:31:30 +02:00
Merge pull request #218 from simple-login/not-reuse-password
make sure user cannot reuse the old password
This commit is contained in:
commit
677236b9a6
@ -42,9 +42,14 @@ def reset_password():
|
|||||||
|
|
||||||
if form.validate_on_submit():
|
if form.validate_on_submit():
|
||||||
user = reset_password_code.user
|
user = reset_password_code.user
|
||||||
|
new_password = form.password.data
|
||||||
|
|
||||||
user.set_password(form.password.data)
|
# avoid user reusing the old password
|
||||||
|
if user.check_password(new_password):
|
||||||
|
error = "You cannot reuse the same password"
|
||||||
|
return render_template("auth/reset_password.html", form=form, error=error)
|
||||||
|
|
||||||
|
user.set_password(new_password)
|
||||||
flash("Your new password has been set", "success")
|
flash("Your new password has been set", "success")
|
||||||
|
|
||||||
# this can be served to activate user too
|
# this can be served to activate user too
|
||||||
|
Loading…
Reference in New Issue
Block a user