feat: revoke other sessions when changing password (fix #414)

app/Http/Controllers/V1/User/UserController.php

@@ -74,6 +74,14 @@ class UserController extends Controller
         if (!$user->save()) {
             return $this->fail([400, __('Save failed')]);
         }
+        
+        $currentToken = $user->currentAccessToken();
+        if ($currentToken) {
+            $user->tokens()->where('id', '!=', $currentToken->id)->delete();
+        } else {
+            $user->tokens()->delete();
+        }
+        
         return $this->success(true);
     }