def change_user_password( *, user: BaseUser, old_password: str, new_password: str ) -> BaseUser: if not user.is_active: raise ValidationError('User account is disabled.') if not user.check_password(old_password): raise ValidationError('Old password is invalid.') validate_password(new_password) user.set_password(new_password) user.rotate_secret_key() user.save() return user
def logout(*, user: BaseUser) -> BaseUser: user.rotate_secret_key() return user