Delete Tokens and Authorizations on password change

Closes: https://git.pleroma.social/pleroma/pleroma/issues/320
author: Haelwenn (lanodan) Monnier <contact@hacktivis.me> 2018-10-14 01:45:11 +0200
committer: Haelwenn (lanodan) Monnier <contact@hacktivis.me> 2018-10-14 02:14:54 +0200
commit: eacab0fb056ffc018b7e0abea27db7af435dc553 (patch)
tree: 5654d6c9657fd92cd05bdfee3e20d5898da982f2 /lib/pleroma/web/oauth/authorization.ex
parent: 117e005409c75c2d53df88fa19211823bdf3d61e (diff)
download: pleroma-eacab0fb056ffc018b7e0abea27db7af435dc553.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/pleroma/web/oauth/authorization.ex b/lib/pleroma/web/oauth/authorization.ex
index 23e8eb7b1..2cad4550a 100644
--- a/lib/pleroma/web/oauth/authorization.ex
+++ b/lib/pleroma/web/oauth/authorization.ex
@@ -4,7 +4,7 @@ defmodule Pleroma.Web.OAuth.Authorization do
   alias Pleroma.{User, Repo}
   alias Pleroma.Web.OAuth.{Authorization, App}
 
-  import Ecto.{Changeset}
+  import Ecto.{Changeset, Query}
 
   schema "oauth_authorizations" do
     field(:token, :string)
@@ -45,4 +45,12 @@ defmodule Pleroma.Web.OAuth.Authorization do
   end
 
   def use_token(%Authorization{used: true}), do: {:error, "already used"}
+
+  def delete_user_authorizations(%User{id: user_id}) do
+    from(
+      a in Pleroma.Web.OAuth.Authorization,
+      where: a.user_id == ^user_id
+    )
+    |> Repo.delete_all()
+  end
 end
author	Haelwenn (lanodan) Monnier <contact@hacktivis.me>	2018-10-14 01:45:11 +0200
committer	Haelwenn (lanodan) Monnier <contact@hacktivis.me>	2018-10-14 02:14:54 +0200
commit	eacab0fb056ffc018b7e0abea27db7af435dc553 (patch)
tree	5654d6c9657fd92cd05bdfee3e20d5898da982f2 /lib/pleroma/web/oauth/authorization.ex
parent	117e005409c75c2d53df88fa19211823bdf3d61e (diff)
download	pleroma-eacab0fb056ffc018b7e0abea27db7af435dc553.tar.gz