Revoke all access tokens after password reset

README.md

@@ -219,6 +219,12 @@ List generated invites:
 mitractl list-invite-codes
 ```
 
+Set or change password:
+
+```
+mitractl set-password <user-id> <password>
+```
+
 Delete profile:
 
 ```

src/cli.rs

@@ -20,6 +20,7 @@ use crate::models::profiles::queries::{
     get_profile_by_id,
     get_profile_by_remote_actor_id,
 };
+use crate::models::oauth::queries::delete_oauth_tokens;
 use crate::models::subscriptions::queries::reset_subscriptions;
 use crate::models::users::queries::{
     create_invite_code,
@@ -140,6 +141,8 @@ impl SetPassword {
     ) -> Result<(), Error> {
         let password_hash = hash_password(&self.password)?;
         set_user_password(db_client, &self.id, password_hash).await?;
+        // Revoke all sessions
+        delete_oauth_tokens(db_client, &self.id).await?;
         println!("password updated");
         Ok(())
     }

src/models/oauth/queries.rs

@@ -53,6 +53,17 @@ pub async fn delete_oauth_token(
     Ok(())
 }
 
+pub async fn delete_oauth_tokens(
+    db_client: &impl GenericClient,
+    owner_id: &Uuid,
+) -> Result<(), DatabaseError> {
+    db_client.execute(
+        "DELETE FROM oauth_token WHERE owner_id = $1",
+        &[&owner_id],
+    ).await?;
+    Ok(())
+}
+
 pub async fn get_user_by_oauth_token(
     db_client: &impl GenericClient,
     access_token: &str,