fix: clear sessions upon password reset

2025-07-29 16:04:53 -04:00
parent 92868201a3
commit bf51f48961
1 changed files with 5 additions and 0 deletions
--- a/src/main/java/icu/samnyan/aqua/net/UserRegistrar.kt
+++ b/src/main/java/icu/samnyan/aqua/net/UserRegistrar.kt
@@ -202,6 +202,11 @@ class UserRegistrar(
        // Change the password
        async { userRepo.save(reset.aquaNetUser.apply { pwHash = validator.checkPwHash(password) }) }
        // Clear all sessions
        sessionRepo.deleteAll(
            sessionRepo.findByAquaNetUserAuId(reset.aquaNetUser.auId)
        )
        return SUCCESS
    }