Add `change password` UI + API.

The protocol here re-checks the caller's password, as a "I left myself logged in" anti-pranking check.

1 files changed, 18 insertions, 0 deletions

diff --git a/src/token/repo/token.rs b/src/token/repo/token.rs
index 35ea385..33b89d5 100644
--- a/src/token/repo/token.rs
+++ b/src/token/repo/token.rs
@@ -84,6 +84,24 @@ impl<'c> Tokens<'c> {
         Ok(())
     }
 
+    // Revoke tokens for a login
+    pub async fn revoke_all(&mut self, login: &login::History) -> Result<Vec<Id>, sqlx::Error> {
+        let login = login.id();
+        let tokens = sqlx::query_scalar!(
+            r#"
+                delete
+                from token
+                where login = $1
+                returning id as "id: Id"
+            "#,
+            login,
+        )
+        .fetch_all(&mut *self.0)
+        .await?;
+
+        Ok(tokens)
+    }
+
     // Expire and delete all tokens that haven't been used more recently than
     // `expire_at`.
     pub async fn expire(&mut self, expire_at: &DateTime) -> Result<Vec<Id>, sqlx::Error> {