From 315966acba46d16d7334e8f326696982f4c00f98 Mon Sep 17 00:00:00 2001
From: Sebastian Pravda
Date: Thu, 17 Nov 2022 20:00:40 +0100
Subject: [PATCH] feat: revoke all candidate sessions on password reset
---
 core/src/services/candidate_service.rs | 4 +++-
 core/src/services/session_service.rs | 12 ++++++------
 2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/core/src/services/candidate_service.rs b/core/src/services/candidate_service.rs
index f84e993..4903f45 100644
--- a/core/src/services/candidate_service.rs
+++ b/core/src/services/candidate_service.rs
@@ -118,7 +118,9 @@ impl CandidateService {
 let encrypted_priv_key = crypto::encrypt_password(priv_key_plain_text, new_password_plain.to_string() ).await?; - + + + SessionService::revoke_all_sessions(db, Some(id), None).await?; Mutation::update_candidate_password_with_keys(db, candidate.clone(), new_password_hash, pubkey, encrypted_priv_key).await?; let enc_details_opt = EncryptedApplicationDetails::try_from((candidate, parent));
diff --git a/core/src/services/session_service.rs b/core/src/services/session_service.rs
index 4960fc4..08c9bac 100644
--- a/core/src/services/session_service.rs
+++ b/core/src/services/session_service.rs
@@ -1,7 +1,7 @@
 use std::cmp::min; use entity::{admin, candidate};
-use sea_orm::{prelude::Uuid, DatabaseConnection, ModelTrait};
+use sea_orm::{prelude::Uuid, DatabaseConnection, ModelTrait, DbConn};
 use crate::{ crypto::{self},
@@ -114,9 +114,12 @@ impl SessionService {
 Ok(session.id.to_string()) } + pub async fn revoke_all_sessions(db: &DbConn, user_id: Option, admin_id: Option) -> Result<(), ServiceError> { + Self::delete_old_sessions(db, user_id, admin_id, 0).await + } + /// Authenticate user by session id /// Return user model if session is valid - pub async fn auth_user_session( db: &DatabaseConnection, uuid: Uuid,
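Review bot: In core/src/services/candidate_service.rs the new `SessionService::revoke_all_sessions(db, Some(id), None).await?;` runs before `Mutation::update_candidate_password_with_keys(...)`, so a login with the old password that lands between the two calls creates a session that survives the reset. Revoking only after the password update has succeeded, or running both statements in one database transaction, closes that window and also avoids logging the candidate out when the update itself fails. The enclosing function starts and ends outside the hunk, so whether `id` and `candidate` always refer to the same record should be confirmed there.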
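Review bot: `revoke_all_sessions` in core/src/services/session_service.rs has no doc comment, and the literal `0` it passes to `delete_old_sessions` is unexplained (presumably the number of sessions to keep); a line such as `/// Delete every stored session of the given candidate or admin.` would match the `///` style used on `auth_user_session` just below. `delete_old_sessions` is defined outside the hunk, so what it does when both ids are `None` or both are `Some` is not visible here; the comment should state which combinations are valid, since a revoke that silently matches no rows leaves sessions alive. The signature takes `&DbConn` while `auth_user_session` takes `&DatabaseConnection`; using the same spelling would make the extra `DbConn` import added at the top of this file unnecessary.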
@@ -162,11 +165,8 @@ impl SessionService {
 #[cfg(test)] mod tests { - use entity::{admin, candidate, session, parent}; - use sea_orm::{ - prelude::Uuid, sea_query::TableCreateStatement, ConnectionTrait, Database, DbBackend, - DbConn, Schema, + prelude::Uuid, }; use crate::{