Merge pull request #3510 from jbradberry/errors-on-change-password

Use Django's own logic to invalidate sessions of users when changing passwords

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
This commit is contained in:
softwarefactory-project-zuul[bot]
2019-04-05 14:54:20 +00:00
committed by GitHub
5 changed files with 26 additions and 26 deletions


@@ -16,6 +16,7 @@ from oauthlib.common import generate_token
# Django
from django.conf import settings
from django.contrib.auth import update_session_auth_hash
from django.contrib.auth.models import User
from django.contrib.contenttypes.models import ContentType
from django.core.exceptions import ObjectDoesNotExist, ValidationError as DjangoValidationError
@@ -50,11 +51,11 @@ from awx.main.models import (
CredentialType, CustomInventoryScript, Fact, Group, Host, Instance,
InstanceGroup, Inventory, InventorySource, InventoryUpdate,
InventoryUpdateEvent, Job, JobEvent, JobHostSummary, JobLaunchConfig,
JobTemplate, Label, Notification, NotificationTemplate, OAuth2AccessToken,
OAuth2Application, Organization, Project, ProjectUpdate,
ProjectUpdateEvent, RefreshToken, Role, Schedule, SystemJob,
SystemJobEvent, SystemJobTemplate, Team, UnifiedJob, UnifiedJobTemplate,
UserSessionMembership, V1Credential, WorkflowJob, WorkflowJobNode,
JobTemplate, Label, Notification, NotificationTemplate,
OAuth2AccessToken, OAuth2Application, Organization, Project,
ProjectUpdate, ProjectUpdateEvent, RefreshToken, Role, Schedule,
SystemJob, SystemJobEvent, SystemJobTemplate, Team, UnifiedJob,
UnifiedJobTemplate, V1Credential, WorkflowJob, WorkflowJobNode,
WorkflowJobTemplate, WorkflowJobTemplateNode, StdoutMaxBytesExceeded
)
from awx.main.models.base import VERBOSITY_CHOICES, NEW_JOB_TYPE_CHOICES
@@ -935,8 +936,12 @@ class UserSerializer(BaseSerializer):
if new_password:
obj.set_password(new_password)
obj.save(update_fields=['password'])
if self.context['request'].user != obj:
UserSessionMembership.clear_session_for_user(obj)
# Cycle the session key, but if the requesting user is the same
# as the modified user then inject a session key derived from
# the updated user to prevent logout. This is the logic used by
# the Django admin's own user_change_password view.
update_session_auth_hash(self.context['request'], obj)
elif not obj.password:
obj.set_unusable_password()
obj.save(update_fields=['password'])
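Review bot: The comment block above the `update_session_auth_hash(...)` call overstates what that call does in the other-user case: it always cycles the key of the requesting session and refreshes the stored auth hash only when `request.user == obj`, while the modified user's own sessions are never touched here — they are dropped lazily by Django's session-hash verification on that user's next request, because `get_session_auth_hash` is derived from the password written by `obj.save(update_fields=['password'])` just above. Since the explicit `UserSessionMembership.clear_session_for_user(obj)` call is removed, I'd state that dependency so nobody later assumes revocation is synchronous, e.g. `# obj's other sessions are not cleared here: their stored auth hash no longer matches the new password, so Django flushes them on their next request.` If `clear_session_for_user` also had side effects beyond the session table (the module still imports `OAuth2AccessToken`/`RefreshToken`, which a password change does not invalidate), that behaviour is lost by this hunk and is worth confirming against the removed helper. The enclosing `update` method starts before and continues after this hunk.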