clarify

core/admin/mailu/api/v1/user.py

@@ -194,7 +194,7 @@ class User(Resource):
             return {'code': 404, 'message': f'User {email} cannot be found'}, 404
 
         if 'raw_password' in data:
-            user_found.set_password(data['raw_password'], '')
+            user_found.set_password(data['raw_password'], keep_only_session='')
         if 'comment' in data:
             user_found.comment = data['comment']
         if 'quota_bytes' in data:

core/admin/mailu/manage.py

@@ -121,7 +121,7 @@ def password(localpart, domain_name, password):
     email = f'{localpart}@{domain_name}'
     user  = models.User.query.get(email)
     if user:
-        user.set_password(password, '')
+        user.set_password(password, keep_only_session='')
     else:
         print(f'User {email} not found.')
     db.session.commit()

core/admin/mailu/models.py

@@ -624,13 +624,13 @@ in clear-text regardless of the presence of the cache.
             self._credential_cache[self.get_id()] = (self.password.split('$')[3], passlib.hash.pbkdf2_sha256.using(rounds=1).hash(password))
         return result
 
-    def set_password(self, password, raw=False, session=None):
+    def set_password(self, password, raw=False, keep_only_session=None):
         """ Set password for user
             @password: plain text password to encrypt (or, if raw is True: the hash itself)
         """
         self.password = password if raw else User.get_password_context().hash(password)
-        if session:
-            utils.MailuSessionExtension.prune_sessions(uid=self.email, keep=session)
+        if keep_only_session is not None:
+            utils.MailuSessionExtension.prune_sessions(uid=self.email, keep=keep_only_session)
 
     def get_managed_domains(self):
         """ return list of domains this user can manage """

core/admin/mailu/sso/views/base.py

@@ -91,7 +91,7 @@ def pw_change():
         if user:
             flask.session.regenerate()
             flask_login.login_user(user)
-            user.set_password(form.pw.data, flask.session)
+            user.set_password(form.pw.data, keep_only_session=flask.session)
             user.change_pw_next_login = False
             models.db.session.commit()
             flask.current_app.logger.info(f'Forced password change by {user} from: {client_ip}/{client_port}: success: password: {form.pwned.data}')
@@ -167,7 +167,7 @@ def _proxy():
         flask.current_app.logger.warning('Too many users for domain %s' % domain)
         return flask.abort(500, 'Too many users in (domain=%s)' % domain)
     user = models.User(localpart=localpart, domain=domain)
-    user.set_password(secrets.token_urlsafe(), flask.session)
+    user.set_password(secrets.token_urlsafe(), keep_only_session=flask.session)
     models.db.session.add(user)
     models.db.session.commit()
     flask.session.regenerate()

core/admin/mailu/ui/views/users.py

@@ -75,7 +75,7 @@ def user_edit(user_email):
                     domain=user.domain, max_quota_bytes=max_quota_bytes)
         form.populate_obj(user)
         if form.pw.data:
-            user.set_password(form.pw.data, flask.session)
+            user.set_password(form.pw.data, keep_only_session=flask.session)
         models.db.session.commit()
         flask.flash('User %s updated' % user)
         return flask.redirect(
@@ -114,7 +114,7 @@ def _process_password_change(form, user_email):
                 flask.flash(msg, "error")
                 return flask.render_template('user/password.html', form=form, user=user)
             flask.session.regenerate()
-            user.set_password(form.pw.data, flask.session)
+            user.set_password(form.pw.data, keep_only_session=flask.session)
             models.db.session.commit()
             flask.flash('Password updated for %s' % user)
             if user_email: