feat: invalidate user sessions on password/email change

pages/[fund]/account/settings.tsx

@@ -17,7 +17,8 @@ import Spinner from '../../../components/Spinner'
 import { toast } from '../../../components/ui/use-toast'
 import { trpc } from '../../../utils/trpc'
 import { useFundSlug } from '../../../utils/use-fund-slug'
-import { useSession } from 'next-auth/react'
+import { signOut, useSession } from 'next-auth/react'
+import { useRouter } from 'next/router'
 
 const changePasswordFormSchema = z
   .object({
@@ -66,7 +67,8 @@ function Settings() {
 
       changePasswordForm.reset()
 
-      toast({ title: 'Password successfully changed!' })
+      toast({ title: 'Password successfully changed! Please log in again.' })
+      await signOut({ callbackUrl: `/${fundSlug}/?loginEmail=${session.data?.user.email}` })
     } catch (error) {
       const errorMessage = (error as any).message
 

server/routers/account.ts

@@ -58,6 +58,8 @@ export const accountRouter = router({
           credentials: [{ type: 'password', value: input.newPassword, temporary: false }],
         }
       )
+
+      await keycloak.users.logout({ id: userId })
     }),
 
   requestEmailChange: protectedProcedure

server/routers/auth.ts

@@ -116,6 +116,8 @@ export const authRouter = router({
         }
       )
 
+      await keycloak.users.logout({ id: decoded.userId })
+
       return { email: decoded.email }
     }),
 
@@ -223,6 +225,8 @@ export const authRouter = router({
         }
       )
 
+      await keycloak.users.logout({ id: decoded.userId })
+
       return { email: decoded.email }
     }),
 })