From fe7e4c4afcc0b74e45d49cc2345e082bf0a2d132 Mon Sep 17 00:00:00 2001
From: Matt Wright <matt@nobien.net>
Date: Mon, 13 Oct 2014 13:25:01 -0400
Subject: [PATCH] Add additional steps to the `test_change_hash_type` and make
 change to `verify_and_update_password` to make the test pass. Fixes #328.

---
 flask_security/utils.py | 2 +-
 tests/test_misc.py      | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/flask_security/utils.py b/flask_security/utils.py
index f75a17e..5698322 100644
--- a/flask_security/utils.py
+++ b/flask_security/utils.py
@@ -135,7 +135,7 @@ def verify_and_update_password(password, user):
         password = get_hmac(password)
     verified, new_password = _pwd_context.verify_and_update(password, user.password)
     if verified and new_password:
-        user.password = new_password
+        user.password = encrypt_password(password)
         _datastore.put(user)
     return verified
 
diff --git a/tests/test_misc.py b/tests/test_misc.py
index 9b76457..96111aa 100644
--- a/tests/test_misc.py
+++ b/tests/test_misc.py
@@ -171,6 +171,11 @@ def test_change_hash_type(app, sqlalchemy_datastore):
     response = client.post('/login', data=dict(email='matt@lp.com', password='password'))
     assert response.status_code == 302
 
+    response = client.get('/logout')
+
+    response = client.post('/login', data=dict(email='matt@lp.com', password='password'))
+    assert response.status_code == 302
+
 
 def test_md5():
     data = md5(b'hello')