def _banned(self, value): if value and not self._banned: self.state |= 1 # Invalidate all cookies by changing the password # First back up the password so we can reverse this self.backup_password = self.password # New PW doesn't matter, they can't log in with it anyway. # Even if their PW /was/ 'banned' for some reason, this # will change the salt and thus invalidate the cookies change_password(self, 'banned') # deauthorize all access tokens from r2.models.token import OAuth2AccessToken from r2.models.token import OAuth2RefreshToken OAuth2AccessToken.revoke_all_by_user(self) OAuth2RefreshToken.revoke_all_by_user(self) elif not value and self._banned: self.state &= ~1 # Undo the password thing so they can log in self.password = self.backup_password # They're on their own for OAuth tokens, though. self._commit()