Delete Tokens and Authorizations on password change

Closes: https://git.pleroma.social/pleroma/pleroma/issues/320
2018-10-14 01:45:11 +02:00 · 2018-10-14 01:45:11 +02:00 · eacab0fb05
commit eacab0fb05
parent 117e005409
5 changed files with 77 additions and 2 deletions
--- a/lib/pleroma/web/oauth/token.ex
+++ b/lib/pleroma/web/oauth/token.ex
@ -1,6 +1,8 @@
 defmodule Pleroma.Web.OAuth.Token do
  use Ecto.Schema

+  import Ecto.Query
+
  alias Pleroma.{User, Repo}
  alias Pleroma.Web.OAuth.{Token, App, Authorization}

@ -35,4 +37,12 @@ defmodule Pleroma.Web.OAuth.Token do

    Repo.insert(token)
  end
+
+  def delete_user_tokens(%User{id: user_id}) do
+    from(
+      t in Pleroma.Web.OAuth.Token,
+      where: t.user_id == ^user_id
+    )
+    |> Repo.delete_all()
+  end
 end