simple-login/app
1
1
Fork 0
mirror of https://github.com/simple-login/app.git synced 2024-11-14 12:47:18 +08:00
Code Issues Projects Releases Packages Wiki Activity

make sure user needs to go through MFA when resetting password

Browse source
This commit is contained in:
Son Nguyen Kim 2021-07-12 18:56:09 +02:00
parent c011a4b90b
commit 99599bb09f
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
app/auth/views/reset_password.py
View file

@ -4,6 +4,7 @@ from flask_wtf import FlaskForm
from wtforms import StringField, validators from wtforms import StringField, validators
from app.auth.base import auth_bp from app.auth.base import auth_bp
from app.auth.views.login_utils import after_login
from app.extensions import db, limiter from app.extensions import db, limiter
from app.models import ResetPasswordCode from app.models import ResetPasswordCode
@ -57,10 +58,10 @@ def reset_password():
# remove the reset password code # remove the reset password code
ResetPasswordCode.delete(reset_password_code.id) ResetPasswordCode.delete(reset_password_code.id)
db.session.commit() db.session.commit()
login_user(user)
return redirect(url_for("dashboard.index")) # do not use login_user(user) here
# to make sure user needs to go through MFA if enabled
return after_login(user, url_for("dashboard.index"))
return render_template("auth/reset_password.html", form=form) return render_template("auth/reset_password.html", form=form)