From bf51f48961a7de9f4eb5a0e8ceecd47fcb214595 Mon Sep 17 00:00:00 2001
From: Raymond <101374892+raymonable@users.noreply.github.com>
Date: Tue, 29 Jul 2025 16:04:53 -0400
Subject: [PATCH] fix: clear sessions upon password reset

---
 src/main/java/icu/samnyan/aqua/net/UserRegistrar.kt | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/main/java/icu/samnyan/aqua/net/UserRegistrar.kt b/src/main/java/icu/samnyan/aqua/net/UserRegistrar.kt
index d7443b00..8fa5ca44 100644
--- a/src/main/java/icu/samnyan/aqua/net/UserRegistrar.kt
+++ b/src/main/java/icu/samnyan/aqua/net/UserRegistrar.kt
@@ -202,6 +202,11 @@ class UserRegistrar(
         // Change the password
         async { userRepo.save(reset.aquaNetUser.apply { pwHash = validator.checkPwHash(password) }) }
 
+        // Clear all sessions
+        sessionRepo.deleteAll(
+            sessionRepo.findByAquaNetUserAuId(reset.aquaNetUser.auId)
+        )
+
         return SUCCESS
     }