roll fresh session secrets for new accounts

author: Daniel Schadt <kingdread@gmx.de> 2023-09-14 19:47:38 +0200
committer: Daniel Schadt <kingdread@gmx.de> 2023-09-14 19:47:38 +0200
commit: dd6dbca51d46200073a9c6e16dcd0052795b80b8 (patch)
tree: 824c8302dba11605b37c2e60e21112b7885f1b11
parent: b1fbf94b97b25d50753dac09fb1d06ea7c880111 (diff)
download: fietsboek-dd6dbca51d46200073a9c6e16dcd0052795b80b8.tar.gz
fietsboek-dd6dbca51d46200073a9c6e16dcd0052795b80b8.tar.bz2
fietsboek-dd6dbca51d46200073a9c6e16dcd0052795b80b8.zip
2 files changed, 2 insertions, 0 deletions
diff --git a/fietsboek/scripts/fietsctl.py b/fietsboek/scripts/fietsctl.py
index 3e987d5..d0b5639 100644
--- a/fietsboek/scripts/fietsctl.py
+++ b/fietsboek/scripts/fietsctl.py
@@ -111,6 +111,7 @@ def cmd_user_add(
 
     user = models.User(name=name, email=email, is_verified=True, is_admin=admin)
     user.set_password(password)
+    user.roll_session_secret()
 
     with env["request"].tm:
         dbsession = env["request"].dbsession
diff --git a/fietsboek/views/account.py b/fietsboek/views/account.py
index 5400f0a..e353360 100644
--- a/fietsboek/views/account.py
+++ b/fietsboek/views/account.py
@@ -60,6 +60,7 @@ def do_create_account(request):
 
     user = models.User(name=name, email=email_addr)
     user.set_password(password)
+    user.roll_session_secret()
     request.dbsession.add(user)
 
     actions.send_verification_token(request, user)
author	Daniel Schadt <kingdread@gmx.de>	2023-09-14 19:47:38 +0200
committer	Daniel Schadt <kingdread@gmx.de>	2023-09-14 19:47:38 +0200
commit	dd6dbca51d46200073a9c6e16dcd0052795b80b8 (patch)
tree	824c8302dba11605b37c2e60e21112b7885f1b11
parent	b1fbf94b97b25d50753dac09fb1d06ea7c880111 (diff)
download	fietsboek-dd6dbca51d46200073a9c6e16dcd0052795b80b8.tar.gz fietsboek-dd6dbca51d46200073a9c6e16dcd0052795b80b8.tar.bz2 fietsboek-dd6dbca51d46200073a9c6e16dcd0052795b80b8.zip