feat: delete all sessions for the user when changing password

src/server/core/TipiCache/TipiCache.ts

@@ -48,7 +48,7 @@ class TipiCache {
     return client.del(key);
   }
 
-  public async delByValue(value: string, prefix = '') {
+  public async delByValue(value: string, prefix: string) {
     const client = await this.getClient();
     const keys = await client.keys(`${prefix}*`);
 

src/server/services/auth/auth.service.ts

@@ -389,7 +389,9 @@ export class AuthServiceClass {
     }
 
     const hash = await argon2.hash(newPassword);
-    await this.prisma.user.update({ where: { id: user.id }, data: { password: hash, totp_enabled: false, totp_secret: null } });
+    await this.prisma.user.update({ where: { id: user.id }, data: { password: hash } });
+
+    await TipiCache.delByValue(userId.toString(), 'auth');
 
     return true;
   };