
Revoke other sessions when password is changed

KernelDeimos 1 年之前
父節點
當前提交
0b093dd57e

+ 8 - 0
packages/backend/src/routers/user-protected/change-password.js

@@ -80,6 +80,14 @@ module.exports = {
         const svc_email = req.services.get('email');
         svc_email.send_email({ email: req.user.email }, 'password_change_notification');
 
+        // Kick out all other sessions
+        const svc_auth = req.services.get('auth');
+        const sessions = await svc_auth.list_sessions(req.actor);
+        for ( const session of sessions ) {
+            if ( session.current ) continue;
+            await svc_auth.revoke_session(req.actor, session.uuid);
+        }
+
         return res.send('Password successfully updated.')
     }
 };
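Review bot: The revocation loop added after the e-mail call aborts on the first rejected `revoke_session`, so one failing session leaves every later one alive even though the password has already been changed and the notification already sent; the remaining revocations should still be attempted and the failures surfaced rather than turned into a failed response for a password change that did succeed. Since the sessions are independent, `Promise.allSettled` over the non-current ones does both, and the rejected results can then be reported through whatever logger this handler uses (not visible in the hunk). Separately, `current` is only set by `list_sessions` when a session uuid matches `actor.type.session`, so if the caller's actor carries no session id this loop presumably revokes the caller's own session as well — worth confirming that is the intended fail-safe. The enclosing handler starts and is bounded outside this hunk.
```javascript
        // Kick out all other sessions; one failed revocation must not
        // leave the remaining sessions alive, so collect every outcome.
        const svc_auth = req.services.get('auth');
        const sessions = await svc_auth.list_sessions(req.actor);
        const results = await Promise.allSettled(
            sessions
                .filter(session => !session.current)
                .map(session => svc_auth.revoke_session(req.actor, session.uuid)),
        );
        const failed = results.filter(r => r.status === 'rejected');
        // TODO(review): report `failed` via the handler's logger before responding
```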

+ 5 - 2
packages/backend/src/services/auth/AuthService.js

@@ -365,11 +365,14 @@ class AuthService extends BaseService {
                 mysql: () => session.meta,
                 otherwise: () => JSON.parse(session.meta ?? "{}")
             })();
+            sessions.push(session);
+        };
+
+        for ( const session of sessions ) {
             if ( session.uuid === actor.type.session ) {
                 session.current = true;
             }
-            sessions.push(session);
-        };
+        }
 
         return sessions;
     }
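Review bot: The first loop still closes with `};` on the kept line while the new second loop closes with a plain `}`; the stray semicolon is an empty statement left over from the old shape and should be dropped so both loops read the same, `}` instead of `};`. The split itself does not change what `current` means: it is still set only for the session whose uuid equals `actor.type.session`, so callers that act without a session id (if such actors reach this method) get a list with no `current` entry, and the new change-password caller will revoke all of them; a one-line comment above the second loop stating that `current` is undefined for non-session actors would make that contract explicit. The enclosing method starts above this hunk.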