From cdb500e8e66e540e044cbea3843b22da8349f8b1 Mon Sep 17 00:00:00 2001
From: ChrisChrome
Date: Wed, 10 Aug 2022 19:11:04 -0600
Subject: Invalidate tokens on password change

---
 src/api/routes/users/@me/index.ts | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/api/routes/users/@me/index.ts b/src/api/routes/users/@me/index.ts
index 5738776f..3ac48f27 100644
--- a/src/api/routes/users/@me/index.ts
+++ b/src/api/routes/users/@me/index.ts
@@ -9,10 +9,10 @@ import {
 adjustEmail,
 Config,
 UserModifySchema,
+ generateToken,
 } from "@fosscord/util";
 import { route } from "@fosscord/api";
 import bcrypt from "bcrypt";
-import { HTTPError } from "lambert-server";
 
 const router: Router = Router();
 
@@ -36,6 +36,9 @@ router.patch(
 select: [...PrivateUserProjection, "data"],
 });
 
+ // Populated on password change
+ var newToken: string | undefined;
+
 if (body.avatar)
 body.avatar = await handleFile(
 `/avatars/${req.user_id}`,
@@ -94,6 +97,8 @@ router.patch(
 });
 }
 user.data.hash = await bcrypt.hash(body.new_password, 12);
+ user.data.valid_tokens_since = new Date();
+ newToken = await generateToken(user.id) as string;
 }
 
 if (body.username) {
@@ -140,7 +145,10 @@ router.patch(
 data: user,
 } as UserUpdateEvent);
 
-	res.json(user);
+ res.json({
+ ...user,
+ newToken,
+ });
 },
 );
 
-- 
cgit 1.4.1
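Review bot: `var newToken` in the `@@ -36,6 +36,9 @@` hunk is function-scoped and hoisted, so a block-scoped `let newToken: string | undefined;` would be the safer declaration here. The comment above it could also state that the value stays `undefined`, and is therefore omitted from the JSON response, when the request does not change the password. The handler body starts and ends outside the hunk.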
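Review bot: In the `@@ -94,6 +97,8 @@` hunk the cutoff `user.data.valid_tokens_since = new Date()` has millisecond precision and is taken just before `generateToken(user.id)`. If the token carries a whole-second issued-at claim (as JWTs normally do) and the validity check compares the two directly, the token issued here can look older than the cutoff and be rejected along with the ones it is meant to replace. The check is not part of this patch, so confirm how it rounds; truncating the cutoff to the second, `new Date(Math.floor(Date.now() / 1000) * 1000)`, avoids that at the cost of leaving tokens issued earlier in the same second valid. The token is also generated before the changed user is persisted (the save is outside the hunk), so a failed save would leave the client holding a token for an unchanged password state. Finally, the `as string` assertion hides whatever `generateToken` is declared to return, and narrowing with a runtime check would be safer than asserting.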
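Review bot: `res.json({ ...user, newToken })` in the `@@ -140,7 +145,10 @@` hunk spreads the same entity that the earlier hunk's context shows being loaded with `select: [...PrivateUserProjection, "data"]`, and `user.data.hash` holds the bcrypt password hash. Unless `data` is removed before this point (that code is outside the hunk), the hash and `valid_tokens_since` would be returned to the client, and the same `user` object is the payload of the update event just above. Spreading also copies own properties directly, so any `toJSON()` filtering the entity defines no longer applies, as it did with `res.json(user)`. Dropping the field explicitly at the response makes this independent of earlier statements: `const { data, ...safeUser } = user;` then `res.json({ ...safeUser, newToken });`. The key `newToken` is camelCase while the fields visible in this route (`new_password`, `valid_tokens_since`) are snake_case, which is worth aligning before clients depend on it.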