diff --git a/apps/users/models/user/_auth.py b/apps/users/models/user/_auth.py index 0befdac2d..740cc56f8 100644 --- a/apps/users/models/user/_auth.py +++ b/apps/users/models/user/_auth.py @@ -134,6 +134,7 @@ class AuthMixin: self.date_password_last_updated = timezone.now() post_user_change_password.send(self.__class__, user=self) super().set_password(raw_password) # noqa + self._password_changed = True def set_ssh_key(self, public_key, private_key, **kwargs): if self.can_update_ssh_key(): diff --git a/apps/users/signal_handlers.py b/apps/users/signal_handlers.py index c0b347a0b..d846fd155 100644 --- a/apps/users/signal_handlers.py +++ b/apps/users/signal_handlers.py @@ -105,19 +105,25 @@ def save_user_email_lookup(sender, instance, **kwargs): @receiver(post_save, sender=User) def save_passwd_change(sender, instance: User, **kwargs): + if not getattr(instance, '_password_changed', False): + return if instance.source != User.Source.local.value or not instance.password: + instance._password_changed = False return - passwords = UserPasswordHistory.objects \ - .filter(user=instance) \ - .order_by('-date_created') \ - .values_list('password', flat=True)[:settings.OLD_PASSWORD_HISTORY_LIMIT_COUNT] + try: + passwords = UserPasswordHistory.objects \ + .filter(user=instance) \ + .order_by('-date_created') \ + .values_list('password', flat=True)[:settings.OLD_PASSWORD_HISTORY_LIMIT_COUNT] - if instance.password not in list(passwords): - UserPasswordHistory.objects.create( - user=instance, password=instance.password, - date_created=instance.date_password_last_updated - ) + if instance.password not in list(passwords): + UserPasswordHistory.objects.create( + user=instance, password=instance.password, + date_created=instance.date_password_last_updated + ) + finally: + instance._password_changed = False def update_role_superuser_if_need(user):