Feat: Refresh login token for the client initiating password change (#4214)

server/model/user.js

@@ -25,8 +25,14 @@ class User extends BeanModel {
      * @returns {Promise<void>}
      */
     async resetPassword(newPassword) {
-        await User.resetPassword(this.id, newPassword);
+        const hashedPassword = passwordHash.generate(newPassword);
-        this.password = newPassword;
+
+        await R.exec("UPDATE `user` SET password = ? WHERE id = ? ", [
+            hashedPassword,
+            this.id
+        ]);
+
+        this.password = hashedPassword;
     }
 
     /**

server/server.js

@@ -1270,6 +1270,7 @@ let needSetup = false;
 
                 callback({
                     ok: true,
+                    token: User.createJWT(user, server.jwtSecret),
                     msg: "successAuthChangePassword",
                     msgi18n: true,
                 });

src/components/settings/Security.vue

@@ -177,6 +177,12 @@ export default {
                             this.password.currentPassword = "";
                             this.password.newPassword = "";
                             this.password.repeatNewPassword = "";
+
+                            // Update token of the current session
+                            if (res.token) {
+                                this.$root.storage().token = res.token;
+                                this.$root.socket.token = res.token;
+                            }
                         }
                     });
             }