techbloc/tresetter
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

delete session after password change

Browse source
This commit is contained in:
boyska 2022-05-20 19:17:35 +02:00
parent 61509f6010
commit c3ff1bc2b5
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
tresetter.py
View file

@ -245,6 +245,7 @@ async def change(req: ChangeData, session_id: str = Cookie(None)) -> SuccessData
hashed = session["proposed_password_hash"] hashed = session["proposed_password_hash"]
if not kdf_verify(hashed, req.password): if not kdf_verify(hashed, req.password):
raise HTTPException(status_code=409) raise HTTPException(status_code=409)
delete_session(session_id)
success = change_password(session["username"], req.password) success = change_password(session["username"], req.password)
return SuccessData(success=success) return SuccessData(success=success)