Merge branch 'kaedroho-issue-1124'

2026-05-19 04:31:11 +00:00 · 2015-04-08 11:49:41 +01:00 · 2015-04-08 11:49:41 +01:00 · 74273275e4
commit 74273275e4
parent c653f0630a 7ff9f3ee50
4 changed files with 5 additions and 0 deletions
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@ -42,6 +42,7 @@ Changelog
 * Added hook `construct_homepage_summary_items` for customising the site summary panel on the admin homepage
 * No longer automatically tries to use Celery for sending notification emails
 * Added "Add child page" button to admin userbar (Eric Drechsel)
+ * Fix: Prevent logout on changing password when SessionAuthenticationMiddleware is in use


 0.8.6 (10.03.2015)
--- a/docs/releases/1.0.rst
+++ b/docs/releases/1.0.rst
@ -108,6 +108,7 @@ Bug fixes

 * The ``document_served`` signal now correctly passes the Document class as ``sender`` and the document as ``instance``
 * Image edit page no longer throws ``OSError`` when the original image is missing
+ * Users are no longer logged out on changing password when SessionAuthenticationMiddleware is in use


 Upgrade considerations
--- a/wagtail/tests/settings.py
+++ b/wagtail/tests/settings.py
@ -43,6 +43,7 @@ MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',

--- a/wagtail/wagtailadmin/views/account.py
+++ b/wagtail/wagtailadmin/views/account.py
@ -3,6 +3,7 @@ from django.shortcuts import render, redirect
 from django.contrib import messages
 from django.contrib.auth.forms import SetPasswordForm
 from django.contrib.auth.views import logout as auth_logout, login as auth_login
+from django.contrib.auth import update_session_auth_hash
 from django.utils.translation import ugettext as _ 
 from django.views.decorators.debug import sensitive_post_parameters
 from django.views.decorators.cache import never_cache
@ -32,6 +33,7 @@ def change_password(request):

            if form.is_valid():
                form.save()
+                update_session_auth_hash(request, form.user)

                messages.success(request, _("Your password has been changed successfully!"))
                return redirect('wagtailadmin_account')