mirror of
https://github.com/simple-login/app.git
synced 2024-09-28 20:51:29 +02:00
make sure user cannot reuse the old password
This commit is contained in:
parent
1e00ea300a
commit
fa06c5cd4b
@ -42,9 +42,14 @@ def reset_password():
|
||||
|
||||
if form.validate_on_submit():
|
||||
user = reset_password_code.user
|
||||
new_password = form.password.data
|
||||
|
||||
user.set_password(form.password.data)
|
||||
# avoid user reusing the old password
|
||||
if user.check_password(new_password):
|
||||
error = "You cannot reuse the same password"
|
||||
return render_template("auth/reset_password.html", form=form, error=error)
|
||||
|
||||
user.set_password(new_password)
|
||||
flash("Your new password has been set", "success")
|
||||
|
||||
# this can be served to activate user too
|
||||
|
Loading…
Reference in New Issue
Block a user