From 130f7c82a8db5f22aa6614429bef2c10785df0f7 Mon Sep 17 00:00:00 2001
From: xboard <xboard@xboard.one>
Date: Sat, 28 Mar 2026 08:31:24 +0800
Subject: [PATCH] feat: revoke other sessions when changing password (fix #414)

---
 app/Http/Controllers/V1/User/UserController.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/app/Http/Controllers/V1/User/UserController.php b/app/Http/Controllers/V1/User/UserController.php
index c9fb361..c561988 100755
--- a/app/Http/Controllers/V1/User/UserController.php
+++ b/app/Http/Controllers/V1/User/UserController.php
@@ -74,6 +74,14 @@ class UserController extends Controller
         if (!$user->save()) {
             return $this->fail([400, __('Save failed')]);
         }
+        
+        $currentToken = $user->currentAccessToken();
+        if ($currentToken) {
+            $user->tokens()->where('id', '!=', $currentToken->id)->delete();
+        } else {
+            $user->tokens()->delete();
+        }
+        
         return $this->success(true);
     }