
Don't log out admin on own credentials change

Rafał Pitoń 11 years ago
parent
commit
140da2430c
3 changed files with 9 additions and 8 deletions
  1. 2 2
      misago/admin/auth.py
  2. 4 3
      misago/admin/middleware.py
  3. 3 3
      misago/users/views/admin/users.py

+ 2 - 2
misago/admin/auth.py

@@ -11,8 +11,8 @@ KEY_UPDATED = 'misago_admin_session_updated'
 
 
 def make_user_admin_token(user):
-    formula = '%s:%s:%s' % (user.pk, user.email, user.password)
-    return md5(formula).hexdigest()
+    formula = (str(user.pk), user.email, user.password, settings.SECRET_KEY)
+    return md5(':'.join(formula)).hexdigest()
 
 
 # Admin session state controls
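Review bot: The new `md5(':'.join(formula))` return in make_user_admin_token builds a keyed token by appending `settings.SECRET_KEY` to the hashed fields and running MD5 over them, which is a hand-rolled MAC rather than an HMAC. Django's `salted_hmac` from `django.utils.crypto` keys with SECRET_KEY by default, so the tuple can go back to `(str(user.pk), user.email, user.password)` and the return can become `return salted_hmac(KEY_SALT, ':'.join(formula)).hexdigest()`, where `KEY_SALT` stands for a module constant of your choosing. The hunk does not show an import of `settings`, and the code that compares this token with the session value is outside it; that comparison should use `constant_time_compare`.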

+ 4 - 3
misago/admin/middleware.py

@@ -1,6 +1,6 @@
 from django.shortcuts import redirect
 
-from misago.admin.auth import is_admin_session, update_admin_session
+from misago.admin import auth
 from misago.admin.views import get_protected_namespace
 from misago.admin.views.auth import login
 
@@ -10,10 +10,11 @@ class AdminAuthMiddleware(object):
         request.admin_namespace = get_protected_namespace(request)
 
         if request.admin_namespace:
-            if not is_admin_session(request):
+            if not auth.is_admin_session(request):
+                auth.close_admin_session(request)
                 if request.resolver_match.url_name == 'index':
                     return login(request)
                 else:
                     return redirect('%s:index' % request.admin_namespace)
             else:
-                update_admin_session(request)
+                auth.update_admin_session(request)
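Review bot: The added `auth.close_admin_session(request)` runs for every admin-namespace request that fails `is_admin_session`, including visitors who never had an admin session, and nothing here says why. If that helper writes to `request.session` (its body is not in this diff), each such request would mark the session as modified. A one-line comment above the call would record the intent, for example `# clear leftover admin session keys once the token no longer validates`. The enclosing middleware method starts outside the hunk.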

+ 3 - 3
misago/users/views/admin/users.py

@@ -3,6 +3,7 @@ from django.contrib.auth import get_user_model, update_session_auth_hash
 from django.shortcuts import redirect
 from django.utils.translation import ugettext_lazy as _
 
+from misago.admin.auth import start_admin_session
 from misago.admin.views import generic
 
 from misago.users.forms.admin import (StaffFlagUserFormFactory, NewUserForm,
@@ -78,13 +79,12 @@ class EditUser(UserAdmin, generic.ModelFormView):
     message_submit = _('User "%s" has been edited.')
 
     def handle_form(self, form, request, target):
-        form.instance.save()
-
         if form.cleaned_data.get('new_password'):
             target.set_password(form.cleaned_data['new_password'])
 
             if target.pk == request.user.pk:
-                update_session_auth_hash(request, form.user)
+                start_admin_session(request, target)
+                update_session_auth_hash(request, target)
 
         if form.cleaned_data.get('email'):
             target.set_email(form.cleaned_data['email'])
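Review bot: In handle_form the admin session is refreshed inside the `new_password` branch, before `target.set_email(...)` runs a few lines later, yet make_user_admin_token in misago/admin/auth.py hashes `user.email` as well as the password. Assuming start_admin_session stores that token, an admin who changes their own e-mail (with or without a new password) still ends up with a stale token and is sent back to the admin login, which is the case this commit sets out to avoid. Moving the refresh below the e-mail branch covers both fields: `if target.pk == request.user.pk:` followed by `start_admin_session(request, target)` and `update_session_auth_hash(request, target)`. The rest of handle_form, including where `target` is saved, is outside the hunk.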