From f07bb80a6c9d261d18d5db6c5b4a2e695c28e4bd Mon Sep 17 00:00:00 2001
From: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
Date: Fri, 6 Sep 2024 12:11:47 +0200
Subject: [PATCH] Revoke all user sessions on password reset

---
 lib/plausible_web/live/reset_password_form.ex | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/plausible_web/live/reset_password_form.ex b/lib/plausible_web/live/reset_password_form.ex
index 6b757d4ec015..7d60240360dc 100644
--- a/lib/plausible_web/live/reset_password_form.ex
+++ b/lib/plausible_web/live/reset_password_form.ex
@@ -10,6 +10,7 @@ defmodule PlausibleWeb.Live.ResetPasswordForm do
 
   alias Plausible.Auth
   alias Plausible.Repo
+  alias PlausibleWeb.UserAuth
 
   def mount(_params, %{"email" => email}, socket) do
     socket =
@@ -96,7 +97,8 @@ defmodule PlausibleWeb.Live.ResetPasswordForm do
       end)
 
     case result do
-      {:ok, _user} ->
+      {:ok, user} ->
+        UserAuth.revoke_all_user_sessions(user)
         {:noreply, assign(socket, trigger_submit: true)}
 
       {:error, changeset} ->