Delete Tokens and Authorizations on password change

Closes: https://git.pleroma.social/pleroma/pleroma/issues/320

lib/pleroma/user.ex

@@ -4,7 +4,7 @@ defmodule Pleroma.User do
   import Ecto.{Changeset, Query}
   alias Pleroma.{Repo, User, Object, Web, Activity, Notification}
   alias Comeonin.Pbkdf2
-  alias Pleroma.Web.{OStatus, Websub}
+  alias Pleroma.Web.{OStatus, Websub, OAuth}
   alias Pleroma.Web.ActivityPub.{Utils, ActivityPub}
 
   schema "users" do
@@ -132,6 +132,9 @@ defmodule Pleroma.User do
       |> validate_required([:password, :password_confirmation])
       |> validate_confirmation(:password)
 
+    OAuth.Token.delete_user_tokens(struct)
+    OAuth.Authorization.delete_user_authorizations(struct)
+
     if changeset.valid? do
       hashed = Pbkdf2.hashpwsalt(changeset.changes[:password])
 

lib/pleroma/web/oauth/authorization.ex

@@ -4,7 +4,7 @@ defmodule Pleroma.Web.OAuth.Authorization do
   alias Pleroma.{User, Repo}
   alias Pleroma.Web.OAuth.{Authorization, App}
 
-  import Ecto.{Changeset}
+  import Ecto.{Changeset, Query}
 
   schema "oauth_authorizations" do
     field(:token, :string)
@@ -45,4 +45,12 @@ defmodule Pleroma.Web.OAuth.Authorization do
   end
 
   def use_token(%Authorization{used: true}), do: {:error, "already used"}
+
+  def delete_user_authorizations(%User{id: user_id}) do
+    from(
+      a in Pleroma.Web.OAuth.Authorization,
+      where: a.user_id == ^user_id
+    )
+    |> Repo.delete_all()
+  end
 end

lib/pleroma/web/oauth/token.ex

@@ -1,6 +1,8 @@
 defmodule Pleroma.Web.OAuth.Token do
   use Ecto.Schema
 
+  import Ecto.Query
+
   alias Pleroma.{User, Repo}
   alias Pleroma.Web.OAuth.{Token, App, Authorization}
 
@@ -35,4 +37,12 @@ defmodule Pleroma.Web.OAuth.Token do
 
     Repo.insert(token)
   end
+
+  def delete_user_tokens(%User{id: user_id}) do
+    from(
+      t in Pleroma.Web.OAuth.Token,
+      where: t.user_id == ^user_id
+    )
+    |> Repo.delete_all()
+  end
 end