feat: revoke other sessions when changing password (fix #414)

2026-04-03 10:30:51 +08:00 · 2026-03-28 08:31:24 +08:00
parent 0ab67c7a9b
commit 130f7c82a8
1 changed files with 8 additions and 0 deletions
--- a/app/Http/Controllers/V1/User/UserController.php
+++ b/app/Http/Controllers/V1/User/UserController.php
@@ -74,6 +74,14 @@ class UserController extends Controller
        if (!$user->save()) {
            return $this->fail([400, __('Save failed')]);
        }
+        
+        $currentToken = $user->currentAccessToken();
+        if ($currentToken) {
+            $user->tokens()->where('id', '!=', $currentToken->id)->delete();
+        } else {
+            $user->tokens()->delete();
+        }
+        
        return $this->success(true);
    }