# HG changeset patch
# User Nattee Niparnan
# Date 2022-10-28 03:35:24
# Node ID 490fbe2ccf0ba1bb2c263dfa924c534e1e7a7d6b
# Parent 327f656f454510331c1d721a82ae25a57cf9d212
force log out when password change

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -114,6 +114,11 @@
 end
 end
 
+ # check if password is changed
+ if session[:last_password_hash] != @current_user.hashed_password
+ unauthorized_redirect 'You are forced to log out.'
+ end
+
 if GraderConfiguration.multicontests?
 return true if @current_user.admin?
 begin
diff --git a/app/controllers/login_controller.rb b/app/controllers/login_controller.rb
--- a/app/controllers/login_controller.rb
+++ b/app/controllers/login_controller.rb
@@ -1,7 +1,7 @@
 class LoginController < ApplicationController
 
 @@authenticators = []
-
+
 def index
 # show login screen
 reset_session
@@ -34,6 +34,7 @@
 
 #process logging in
 session[:user_id] = user.id
+ session[:last_password_hash] = user.hashed_password
 session[:admin] = user.admin?
 
 # clear forced logout flag for multicontests contest change
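Review bot: The added password-change check in application_controller.rb calls `unauthorized_redirect 'You are forced to log out.'` but does not leave the method, so on a mismatch execution falls through to the `GraderConfiguration.multicontests?` branch, where `return true if @current_user.admin?` is still reachable. `unauthorized_redirect` is defined outside this hunk; if it only issues the redirect, the rest of the filter keeps running for a session that should be dead and a later redirect or render could raise a double-render error, so end the branch explicitly with `return false` after the call (or whatever the file's other rejection paths return). Sessions created before this change carry no `:last_password_hash`, so they compare against `nil` and are logged out once; that fails closed, but a short comment saying so would help. The enclosing method starts and ends outside the hunk.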
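Review bot: In the `@@ -34,6 +34,7 @@` hunk of login_controller.rb, `session[:last_password_hash] = user.hashed_password` copies the stored credential hash into the session, and the session store is not visible here. With Rails' cookie store that value travels to the browser (encrypted or only signed, depending on version and configuration); with a server-side store it is duplicated into every session record. The check only needs a value that changes when the password changes, so consider storing a derived marker such as `session[:last_password_hash] = Digest::SHA256.hexdigest(user.hashed_password)` and comparing against the same digest in application_controller.rb. The login action's body starts and ends outside the hunk.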