Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Logout by deleting auth token on password change #394

Open
karthikvrao opened this issue Dec 14, 2017 · 0 comments
Open

Logout by deleting auth token on password change #394

karthikvrao opened this issue Dec 14, 2017 · 0 comments

Comments

@karthikvrao
Copy link

I found that PasswordChangeSerializer has logic that does not update the session_auth_hash if LOGOUT_ON_PASSWORD_CHANGE setting is False, thereby logging out the user after changing password. But it does not do the same for token authentication by deleting the auth token. I had to override the serializer to fix this. If the current behaviour is not by design, below is my fix:

    def save(self):
        self.set_password_form.save()
        if self.logout_on_password_change:
            self.user.auth_token.delete()
        else:
            from django.contrib.auth import update_session_auth_hash
            update_session_auth_hash(self.request, self.user)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@karthikvrao