Merge pull request #28583 from edx/update-session-on-change-password

update session on password change

Merge pull request #28583 from edx/update-session-on-change-password
update session on password change
c1dabd1a · Uzair Rasheed · GitHub · e492ff60 · d0c953f2 · c1dabd1a
Unverified Commit c1dabd1a authored 3 years ago by Uzair Rasheed Committed by GitHub 3 years ago
--- a/openedx/core/djangoapps/user_authn/views/password_reset.py
+++ b/openedx/core/djangoapps/user_authn/views/password_reset.py
@@ -4,6 +4,7 @@ import logging
 from django import forms
 from django.conf import settings
 from django.contrib import messages
+from django.contrib.auth import update_session_auth_hash
 from django.contrib.auth.forms import PasswordResetForm, SetPasswordForm
 from django.contrib.auth.hashers import UNUSABLE_PASSWORD_PREFIX
 from django.contrib.auth.models import User  # lint-amnesty, pylint: disable=imported-auth-user
@@ -509,6 +510,7 @@ class PasswordResetConfirmWrapper(PasswordResetConfirmView):
        if LoginFailures.is_feature_enabled():
            LoginFailures.clear_lockout_counter(updated_user)

+        update_session_auth_hash(request, updated_user)
        send_password_reset_success_email(updated_user, request)
        return response

@@ -773,6 +775,7 @@ class LogistrationPasswordResetView(APIView):  # lint-amnesty, pylint: disable=m
                    LoginFailures.clear_lockout_counter(user)

                send_password_reset_success_email(user, request)
+                update_session_auth_hash(request, user)
        except ValidationError as err:
            AUDIT_LOG.exception("Password validation failed")
            error_status = {