fix: clear sessions upon password reset

2025-10-25 12:02:40 +00:00 · 2025-07-29 16:04:53 -04:00 · 2025-07-29 16:04:53 -04:00 · bf51f48961
commit bf51f48961
parent 92868201a3
1 changed files with 5 additions and 0 deletions
--- a/src/main/java/icu/samnyan/aqua/net/UserRegistrar.kt
+++ b/src/main/java/icu/samnyan/aqua/net/UserRegistrar.kt
@ -202,6 +202,11 @@ class UserRegistrar(
        // Change the password
        async { userRepo.save(reset.aquaNetUser.apply { pwHash = validator.checkPwHash(password) }) }

+        // Clear all sessions
+        sessionRepo.deleteAll(
+            sessionRepo.findByAquaNetUserAuId(reset.aquaNetUser.auId)
+        )
+
        return SUCCESS
    }