From f5b0cdb32bc3e786a8e639087332a212ffdd5d14 Mon Sep 17 00:00:00 2001
From: Pancakes
Date: Mon, 7 Jul 2025 20:51:47 -0400
Subject: [PATCH] Delete sessions on password change
---
 api/account/changepw.go | 5 +++++
 db/account.go | 9 +++++++++
 2 files changed, 14 insertions(+)
diff --git a/api/account/changepw.go b/api/account/changepw.go
index a7212d2..414a40a 100644
--- a/api/account/changepw.go
+++ b/api/account/changepw.go
@@ -35,6 +35,11 @@ func ChangePW(uuid []byte, password string) error {
 return fmt.Errorf("failed to generate salt: %s", err)
 }
+ err = db.RemoveSessionsFromUUID(uuid)
+ if err != nil {
+ return fmt.Errorf("failed to remove sessions: %s", err)
+ }
+
+ err = db.UpdateAccountPassword(uuid, deriveArgon2IDKey([]byte(password), salt), salt)
 if err != nil {
 return fmt.Errorf("failed to add account record: %s", err)
diff --git a/db/account.go b/db/account.go
index 8a98f5a..54f31c4 100644
--- a/db/account.go
+++ b/db/account.go
@@ -405,6 +405,15 @@ func RemoveSessionFromToken(token []byte) error {
 return nil
 }
+func RemoveSessionsFromUUID(uuid []byte) error {
+ _, err := handle.Exec("DELETE FROM sessions WHERE uuid = ?", uuid)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
 func FetchUsernameFromUUID(uuid []byte) (string, error) {
 var username string
 err := handle.QueryRow("SELECT username FROM accounts WHERE uuid = ?", uuid).Scan(&username)
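Review bot: In ChangePW the session purge runs before `db.UpdateAccountPassword` and the two statements are not atomic, so a login with the old password that lands between them creates a session that outlives the password change. Running both in one transaction, or calling `db.RemoveSessionsFromUUID(uuid)` only after the update has succeeded, closes that window; whether the db package exposes a transaction is not visible from this hunk. The current order also leaves the account with no sessions but the old password when the update fails. Separately, the new error formats the cause with `%s`; `return fmt.Errorf("failed to remove sessions: %w", err)` would keep it inspectable with errors.Is and errors.As. ChangePW starts and ends outside the hunk.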
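Review bot: RemoveSessionsFromUUID is exported without a doc comment and discards the Exec result, so a caller cannot record how many sessions a password change revoked. A comment such as `// RemoveSessionsFromUUID deletes every row in sessions for the given account uuid.` would state the contract, and the body reduces to the `handle.Exec` line followed by `return err`. The DELETE binds uuid as a parameter rather than building the statement by concatenation, which is the form to keep. If an audit trail of revocations is wanted, RowsAffected on the discarded result is where the count would come from, though returning it would change the signature.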