Revoke all access tokens after password reset

2022-11-15 16:09:11 +00:00 · 2022-11-15 16:09:11 +00:00 · 9ad6bdf1c9
parent 445177d9a7
commit 9ad6bdf1c9
3 changed files with 20 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -219,6 +219,12 @@ List generated invites:
 mitractl list-invite-codes
 ```

+Set or change password:
+
+```
+mitractl set-password <user-id> <password>
+```
+
 Delete profile:

 ```
--- a/src/cli.rs
+++ b/src/cli.rs
@ -20,6 +20,7 @@ use crate::models::profiles::queries::{
    get_profile_by_id,
    get_profile_by_remote_actor_id,
 };
+use crate::models::oauth::queries::delete_oauth_tokens;
 use crate::models::subscriptions::queries::reset_subscriptions;
 use crate::models::users::queries::{
    create_invite_code,
@ -140,6 +141,8 @@ impl SetPassword {
    ) -> Result<(), Error> {
        let password_hash = hash_password(&self.password)?;
        set_user_password(db_client, &self.id, password_hash).await?;
+        // Revoke all sessions
+        delete_oauth_tokens(db_client, &self.id).await?;
        println!("password updated");
        Ok(())
    }
--- a/src/models/oauth/queries.rs
+++ b/src/models/oauth/queries.rs
@ -53,6 +53,17 @@ pub async fn delete_oauth_token(
    Ok(())
 }

+pub async fn delete_oauth_tokens(
+    db_client: &impl GenericClient,
+    owner_id: &Uuid,
+) -> Result<(), DatabaseError> {
+    db_client.execute(
+        "DELETE FROM oauth_token WHERE owner_id = $1",
+        &[&owner_id],
+    ).await?;
+    Ok(())
+}
+
 pub async fn get_user_by_oauth_token(
    db_client: &impl GenericClient,
    access_token: &str,