From ddc1022461720f5559d46ed22722646062fa8aea Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 18 Sep 2020 18:15:25 +0200 Subject: [PATCH] stages/user_write: check if session hash should be updated early --- passbook/stages/user_write/stage.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/passbook/stages/user_write/stage.py b/passbook/stages/user_write/stage.py index 008eca12c..d6f9a7fc3 100644 --- a/passbook/stages/user_write/stage.py +++ b/passbook/stages/user_write/stage.py @@ -36,6 +36,11 @@ class UserWriteStageView(StageView): "Created new user", flow_slug=self.executor.flow.slug, ) user = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] + # Before we change anything, check if the user is the same as in the request + # and we're updating a password. In that case we need to update the session hash + should_update_seesion = False + if any(["password" in x for x in data.keys()]) and self.request.user.pk == user.pk: + should_update_seesion = True for key, value in data.items(): setter_name = f"set_{key}" # Check if user has a setter for this key, like set_password @@ -52,7 +57,7 @@ class UserWriteStageView(StageView): user.save() user_write.send(sender=self, request=request, user=user, data=data) # Check if the password has been updated, and update the session auth hash - if any(["password" in x for x in data.keys()]): + if should_update_seesion: update_session_auth_hash(self.request, user) LOGGER.debug("Updated session hash", user=user) LOGGER.debug(