Unify password changing and invalidate auth tokens (#27625)

- Unify the password changing code - Invalidate existing auth tokens when changing passwords
2025-05-25 11:22:16 +00:00 · 2024-02-04 15:05:26 +01:00 · 2024-02-04 15:05:26 +01:00 · 688d4a1f71
commit 688d4a1f71
parent f8b471ace1
3 changed files with 20 additions and 1 deletions
--- a/services/user/delete.go
+++ b/services/user/delete.go
@ -187,6 +187,10 @@ func deleteUser(ctx context.Context, u *user_model.User, purge bool) (err error)
 	}
 	// ***** END: ExternalLoginUser *****

+	if err := auth_model.DeleteAuthTokensByUserID(ctx, u.ID); err != nil {
+		return fmt.Errorf("DeleteAuthTokensByUserID: %w", err)
+	}
+
 	if _, err = db.DeleteByID[user_model.User](ctx, u.ID); err != nil {
 		return fmt.Errorf("delete: %w", err)
 	}