From 66d3fcf2e22f057bacce8d97d43a13c1c5a9ad09 Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Tue, 29 Oct 2024 23:29:22 -0400
Subject: Add `change password` UI + API.

The protocol here re-checks the caller's password, as a "I left myself logged in" anti-pranking check.
---
 src/token/repo/token.rs | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'src/token/repo/token.rs')

diff --git a/src/token/repo/token.rs b/src/token/repo/token.rs
index 35ea385..33b89d5 100644
--- a/src/token/repo/token.rs
+++ b/src/token/repo/token.rs
@@ -84,6 +84,24 @@ impl<'c> Tokens<'c> {
         Ok(())
     }
 
+    // Revoke tokens for a login
+    pub async fn revoke_all(&mut self, login: &login::History) -> Result<Vec<Id>, sqlx::Error> {
+        let login = login.id();
+        let tokens = sqlx::query_scalar!(
+            r#"
+                delete
+                from token
+                where login = $1
+                returning id as "id: Id"
+            "#,
+            login,
+        )
+        .fetch_all(&mut *self.0)
+        .await?;
+
+        Ok(tokens)
+    }
+
     // Expire and delete all tokens that haven't been used more recently than
     // `expire_at`.
     pub async fn expire(&mut self, expire_at: &DateTime) -> Result<Vec<Id>, sqlx::Error> {
-- 
cgit v1.2.3