6 years ago · a808326832
--- a/misago/admin/middleware.py
+++ b/misago/admin/middleware.py
@@ -4,7 +4,7 @@ from django.utils.deprecation import MiddlewareMixin
 
				 from .auth import (
			
 
				     is_admin_authorized,
			
 
				     remove_admin_authorization,
			
 
				-    update_admin_authorization
			
 
				+    update_admin_authorization,
			
 
				 )
			
 
				 from .views import get_protected_namespace
			
 
				 from .views.auth import login
			
--- a/misago/admin/tests/test_auth.py
+++ b/misago/admin/tests/test_auth.py
@@ -47,18 +47,14 @@ def test_anonymous_user_admin_authorization_is_never_valid(user, anonymous_user)
 
				     assert not is_admin_authorized(request)
			
 
				 
			
 
				 
			
 
				-def test_superuser_without_staff_flag_admin_authorization_is_never_valid(
			
 
				-    staffuser
			
 
				-):
			
 
				+def test_superuser_without_staff_flag_admin_authorization_is_never_valid(staffuser):
			
 
				     request = Mock(session={}, user=staffuser)
			
 
				     authorize_admin(request)
			
 
				     request.user.is_staff = False
			
 
				     assert not is_admin_authorized(request)
			
 
				 
			
 
				 
			
 
				-def test_admin_authorization_is_invalidated_by_user_pk_change(
			
 
				-    admin_request, superuser
			
 
				-):
			
 
				+def test_admin_authorization_is_invalidated_by_user_pk_change(admin_request, superuser):
			
 
				     admin_request.user.pk = superuser.pk + 1
			
 
				     assert not is_admin_authorized(admin_request)
			
 
				 
			
@@ -112,4 +108,4 @@ def test_removing_authorization_removes_autorization_from_request_session(
 
				 def test_removing_authorization_invalidates_autorization(admin_request):
			
 
				     admin_request.session[UPDATED_KEY] = 0
			
 
				     remove_admin_authorization(admin_request)
			
 
				-    assert not is_admin_authorized(admin_request)
			
 
				+    assert not is_admin_authorized(admin_request)
			
--- a/misago/admin/tests/test_login_to_admin.py
+++ b/misago/admin/tests/test_login_to_admin.py
@@ -60,4 +60,4 @@ def test_login_form_redirects_user_to_admin_index_after_successful_login(
 
				     response = client.post(
			
 
				         admin_link, {"username": staffuser.username, "password": user_password}
			
 
				     )
			
 
				-    assert response["location"] == admin_link
			
 
				+    assert response["location"] == admin_link
			
--- a/misago/admin/tests/test_logout_from_admin.py
+++ b/misago/admin/tests/test_logout_from_admin.py
@@ -9,9 +9,7 @@ site_logout_link = reverse("misago:logout")
 
				 site_link = reverse("misago:index")
			
 
				 
			
 
				 
			
 
				-def test_admin_can_logout_from_admin_site_but_stay_logged(
			
 
				-    admin_client, superuser
			
 
				-):
			
 
				+def test_admin_can_logout_from_admin_site_but_stay_logged(admin_client, superuser):
			
 
				     response = admin_client.post(admin_logout_link)
			
 
				     assert response.wsgi_request.user == superuser
			
 
				     assert not is_admin_authorized(response.wsgi_request)
			
--- a/misago/admin/tests/test_protected_urls_detection.py
+++ b/misago/admin/tests/test_protected_urls_detection.py
@@ -46,4 +46,4 @@ def test_request_to_site_subpath_url_is_not_protected():
 
				 
			
 
				 def test_request_to_site_non_reversable_url_is_not_protected():
			
 
				     request = Mock(path=site_url + "somewhere-custom/")
			
 
				-    assert get_protected_namespace(request) is None
			
 
				+    assert get_protected_namespace(request) is None
			
--- a/misago/test.py
+++ b/misago/test.py
@@ -1,4 +1,4 @@
 
				 def assert_contains(response, string, status_code=200):
			
 
				     assert response.status_code == status_code
			
 
				     fail_message = f'"{string}" not found in response.content'
			
 
				-    assert string in response.content.decode("utf-8"), fail_message
			
 
				+    assert string in response.content.decode("utf-8"), fail_message
			
--- a/misago/users/views/admin/users.py
+++ b/misago/users/views/admin/users.py
@@ -304,14 +304,8 @@ class EditUser(UserAdmin, generic.ModelFormView):
 
				         if form.cleaned_data.get("new_password"):
			
 
				             target.set_password(form.cleaned_data["new_password"])
			
 
				 
			
 
				-            if target.pk == request.user.pk:
			
 
				-                authorize_admin(request, target)
			
 
				-                update_session_auth_hash(request, target)
			
 
				-
			
 
				         if form.cleaned_data.get("email"):
			
 
				             target.set_email(form.cleaned_data["email"])
			
 
				-            if target.pk == request.user.pk:
			
 
				-                authorize_admin(request, target)
			
 
				 
			
 
				         if form.cleaned_data.get("is_avatar_locked"):
			
 
				             if not target.old_is_avatar_locked:
			
@@ -342,6 +336,10 @@ class EditUser(UserAdmin, generic.ModelFormView):
 
				         target.update_acl_key()
			
 
				         target.save()
			
 
				 
			
 
				+        if target.pk == request.user.pk:
			
 
				+            authorize_admin(request)
			
 
				+            update_session_auth_hash(request, target)
			
 
				+
			
 
				         messages.success(request, self.message_submit % {"user": target.username})