From 6fde72a69335c80079363b7d26aa94e7f67400e1 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Thu, 25 Aug 2022 12:24:26 -0700
Subject: [PATCH] Log user out of other devices when they change their password

Signed-off-by: snipe <snipe@snipe.net>
---
 app/Http/Controllers/ProfileController.php | 7 +++++--
 app/Http/Kernel.php                        | 1 +
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
index 14f9ba81c06f..38d4226dfa72 100755
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -4,7 +4,7 @@
 
 use App\Http\Requests\ImageUploadRequest;
 use App\Models\Setting;
-use Auth;
+use Illuminate\Support\Facades\Auth;
 use Gate;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Hash;
@@ -133,7 +133,7 @@ public function api()
     public function password()
     {
         $user = Auth::user();
-
+        
         return view('account/change-password', compact('user'));
     }
 
@@ -186,6 +186,9 @@ public function passwordSave(Request $request)
         if (! $validator->fails()) {
             $user->password = Hash::make($request->input('password'));
             $user->save();
+
+            // Log the user out of other devices
+            Auth::logoutOtherDevices($request->input('password'));
             return redirect()->route('account.password.index')->with('success', 'Password updated!');
 
         }
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 10f9fd323534..36014dc7dea8 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -43,6 +43,7 @@ class Kernel extends HttpKernel
             \App\Http\Middleware\CheckForTwoFactor::class,
             \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
             \App\Http\Middleware\AssetCountForSidebar::class,
+            \Illuminate\Session\Middleware\AuthenticateSession::class,
         ],
 
         'api' => [