Merge pull request #15728 from overleaf/td-lg-expire-password-tokens

Expire user password reset tokens when user changes their password

GitOrigin-RevId: 2d303eba947c224e71ebe60083abc7a8ff5207a5

services/web/test/unit/src/User/UserControllerTests.js

@@ -129,6 +129,10 @@ describe('UserController', function () {
       promises: { sendEmail: sinon.stub().resolves() },
     }
 
+    this.OneTimeTokenHandler = {
+      promises: { expireAllTokensForUser: sinon.stub().resolves() },
+    }
+
     this.UserController = SandboxedModule.require(modulePath, {
       requires: {
         '../Helpers/UrlHelper': this.UrlHelper,
@@ -149,6 +153,7 @@ describe('UserController', function () {
         '@overleaf/settings': this.settings,
         '@overleaf/o-error': OError,
         '../Email/EmailHandler': this.EmailHandler,
+        '../Security/OneTimeTokenHandler': this.OneTimeTokenHandler,
         '../../infrastructure/RequestContentTypeDetection':
           this.RequestContentTypeDetection,
       },
@@ -739,6 +744,17 @@ describe('UserController', function () {
         })
         this.UserController.changePassword(this.req, this.res)
       })
+
+      it('should expire password reset tokens', function (done) {
+        this.res.json.callsFake(() => {
+          this.OneTimeTokenHandler.promises.expireAllTokensForUser.should.have.been.calledWith(
+            this.user._id,
+            'password'
+          )
+          done()
+        })
+        this.UserController.changePassword(this.req, this.res)
+      })
     })
 
     describe('errors', function () {