Authentication: Support for fallback secret keys in get_session_auth_hash (#4481)

* Authentication: Support for fallback secret keys in get_session_auth_hash

* Update src/pretix/presale/utils.py

Co-authored-by: Richard Schreiber <schreiber@rami.io>

---------

Co-authored-by: Richard Schreiber <schreiber@rami.io>

src/tests/presale/test_customer.py

@@ -628,7 +628,7 @@ def test_change_email(env, client):
 
 
 @pytest.mark.django_db
-def test_change_pw(env, client):
+def test_change_pw(env, client, client2):
     with scopes_disabled():
         customer = env[0].customers.create(email='john@example.org', is_verified=True)
         customer.set_password('foo')
@@ -640,6 +640,12 @@ def test_change_pw(env, client):
     })
     assert r.status_code == 302
 
+    r = client2.post('/bigevents/account/login', {
+        'email': 'john@example.org',
+        'password': 'foo',
+    })
+    assert r.status_code == 302
+
     r = client.post('/bigevents/account/password', {
         'password_current': 'invalid',
         'password': 'aYLBRNg4',
@@ -658,6 +664,13 @@ def test_change_pw(env, client):
     customer.refresh_from_db()
     assert customer.check_password('aYLBRNg4')
 
+    r = client.get('/bigevents/account/password')
+    assert r.status_code == 200
+
+    # Client 2 got logged out
+    r = client2.post('/bigevents/account/password')
+    assert r.status_code == 302
+
 
 @pytest.mark.django_db
 def test_login_per_org(env, client):