Don't set an unusable password during deactivation.

This would have made reactivations hard, and doesn't really buy us much
additional security.

During deactivation, all a user's current sessions are deactivated and
they are marked as not active. This prevents them from logging in via
the web UI, and makes their API key unusable.

Randomizing their password is probably gratuitous, especially as we
start to allow authorized end-users to deactivate others.

(imported from commit c63d23816da0452a1df821f2fa6c1db2761733da)
Luke Faraone
2013-07-05 21:18:53 -07:00
parent 573bb8e5fd
commit 37edb61b67


@@ -118,8 +118,7 @@ def delete_all_user_sessions():
def do_deactivate(user_profile, log=True): def do_deactivate(user_profile, log=True):
user_profile.is_active = False; user_profile.is_active = False;
user_profile.set_unusable_password() user_profile.save(update_fields=["is_active"])
user_profile.save(update_fields=["is_active", "password"])
delete_user_sessions(user_profile) delete_user_sessions(user_profile)
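
Review bot: In do_deactivate, once `user_profile.set_unusable_password()` is dropped, the stored password hash stays valid, so keeping a deactivated user out rests entirely on every authentication path checking `is_active`, and nothing in this hunk tests or documents that. Suggest adding a test that a deactivated user presenting the correct password or API key is rejected, plus a short comment above the `save(update_fields=["is_active"])` call saying the password is retained on purpose so that reactivation works. The trailing semicolon on `user_profile.is_active = False;` could also be removed while this function is being touched.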