From 1d85874f41a34593c081a005a1c44fe51ef9f265 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 18 Oct 2020 22:58:05 +0200 Subject: [PATCH] stages/user_write: don't update session hash after password change when impersonating --- passbook/root/settings.py | 2 +- passbook/stages/user_write/stage.py | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/passbook/root/settings.py b/passbook/root/settings.py index 98b1b2b34..81c36ceb5 100644 --- a/passbook/root/settings.py +++ b/passbook/root/settings.py @@ -18,9 +18,9 @@ from json import dumps import structlog from celery.schedules import crontab from sentry_sdk import init as sentry_init -from sentry_sdk.integrations.redis import RedisIntegration from sentry_sdk.integrations.celery import CeleryIntegration from sentry_sdk.integrations.django import DjangoIntegration +from sentry_sdk.integrations.redis import RedisIntegration from passbook import __version__ from passbook.core.middleware import structlog_add_request_id diff --git a/passbook/stages/user_write/stage.py b/passbook/stages/user_write/stage.py index cf5b6afe8..b59d9af93 100644 --- a/passbook/stages/user_write/stage.py +++ b/passbook/stages/user_write/stage.py @@ -6,6 +6,7 @@ from django.http import HttpRequest, HttpResponse from django.utils.translation import gettext as _ from structlog import get_logger +from passbook.core.middleware import SESSION_IMPERSONATE_USER from passbook.core.models import User from passbook.flows.planner import PLAN_CONTEXT_PENDING_USER from passbook.flows.stage import StageView @@ -41,10 +42,12 @@ class UserWriteStageView(StageView): user = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] # Before we change anything, check if the user is the same as in the request # and we're updating a password. In that case we need to update the session hash + # Also check that we're not currently impersonating, so we don't update the session should_update_seesion = False if ( any(["password" in x for x in data.keys()]) and self.request.user.pk == user.pk + and SESSION_IMPERSONATE_USER not in self.request.session ): should_update_seesion = True for key, value in data.items():