def change_password(user, new_password):
if not validate_password(new_password):
raise InvalidPasswordException(INVALID_PASSWORD_MESSAGE)
pw_hash = hash_password(new_password)
user.invalid_login_attempts = 0
user.password_hash = pw_hash.decode("ascii")
invalidate_all_sessions(user)
# Remove any password required notifications for the user.
notification.delete_notifications_by_kind(user, "password_required")
def delete_notifications_by_kind(self, target_username, kind_name):
target = get_user_or_org(target_username)
delete_notifications_by_kind(target, kind_name)
