Flush all user remember me sessions when changing password

ChangeLog

@@ -14,6 +14,7 @@ Version 1.2.0 (unreleased)
 * Show last parsing error message in user interface
 * Disable automatically a feed after too many failures
 * Add support for Expires and Cache-Control headers (HTTP cache)
+* Flush all user remember me sessions when changing password
 * Update Docker image to Ubuntu 16.04 and PHP 7.0
 * Add Docker compose file
 * Add functional tests (Json-RPC API and Fever API)

app/models/remember_me.php

@@ -87,6 +87,14 @@ function cleanup()
         ->remove();
 }
 
+function remove_user_sessions($user_id)
+{
+    return Database::getInstance('db')
+        ->table(TABLE)
+        ->eq('user_id', $user_id)
+        ->remove();
+}
+
 function update($token)
 {
     $new_sequence = Helper\generate_token();

app/models/user.php

@@ -3,6 +3,7 @@
 namespace Miniflux\Model\User;
 
 use PicoDb\Database;
+use Miniflux\Model;
 use Miniflux\Helper;
 
 const TABLE = 'users';
@@ -43,6 +44,7 @@ function update_user($user_id, $username, $password = null, $is_admin = null)
 
     if ($password !== null) {
         $values['password'] = password_hash($password, PASSWORD_BCRYPT);
+        Model\RememberMe\remove_user_sessions($user_id);
     }
 
     if ($is_admin !== null) {