Update Password Change with new Revoke Sessions option

As requested in https://lgbtqia.space/@serigala_tropis/116412473982617371

app/Http/Controllers/Settings/HomeSettings.php

@@ -10,10 +10,10 @@ use App\Services\AccountService;
 use App\Services\PronounService;
 use App\Util\Lexer\Autolink;
 use App\Util\Lexer\PrettyNumber;
-use Auth;
 use Cache;
 use Illuminate\Http\Request;
-use Mail;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Mail;
 use Purify;
 
 trait HomeSettings
@@ -118,38 +118,48 @@ trait HomeSettings
     {
         $this->validate($request, [
             'current' => 'required|string',
-            'password' => 'required|string',
-            'password_confirmation' => 'required|string',
+            'password' => 'required|string|confirmed|min:8|different:current',
+            'revoke_sessions' => 'nullable|boolean',
         ]);
 
         $current = $request->input('current');
         $new = $request->input('password');
-        $confirm = $request->input('password_confirmation');
+        $revokeSessions = $request->boolean('revoke_sessions');
 
-        $user = Auth::user();
-
-        if (password_verify($current, $user->password) && $new === $confirm) {
-            $user->password = bcrypt($new);
-            $user->save();
-
-            $log = new AccountLog;
-            $log->user_id = $user->id;
-            $log->item_id = $user->id;
-            $log->item_type = 'App\User';
-            $log->action = 'account.edit.password';
-            $log->message = 'Password changed';
-            $log->link = null;
-            $log->ip_address = $request->ip();
-            $log->user_agent = $request->userAgent();
-            $log->save();
+        $user = $request->user();
 
-            Mail::to($request->user())->send(new PasswordChange($user));
-
-            return redirect('/settings/home')->with('status', 'Password successfully updated!');
-        } else {
+        if (!password_verify($current, $user->password)) {
             return redirect()->back()->with('error', 'There was an error with your request! Please try again.');
         }
 
+        $user->password = bcrypt($new);
+        $user->save();
+
+        $log = new AccountLog;
+        $log->user_id = $user->id;
+        $log->item_id = $user->id;
+        $log->item_type = 'App\User';
+        $log->action = 'account.edit.password';
+        $log->message = $revokeSessions
+            ? 'Password changed and all sessions revoked'
+            : 'Password changed';
+        $log->link = null;
+        $log->ip_address = $request->ip();
+        $log->user_agent = $request->userAgent();
+        $log->save();
+
+        Mail::to($request->user())->send(new PasswordChange($user));
+
+        if ($revokeSessions) {
+            $user->tokens->each(function ($token) {
+                $token->revoke();
+                $token->refreshToken?->revoke();
+            });
+
+            Auth::logoutOtherDevices($new);
+        }
+
+        return redirect('/settings/home')->with('status', 'Password successfully updated!');
     }
 
     public function email()

resources/views/settings/password.blade.php

@@ -50,6 +50,14 @@
 			        <input type="password" class="form-control" name="password_confirmation" placeholder="{{__('settings.password.confirm_new_password')}}">
 			      </div>
 			    </div>
+			    <div class="form-group row">
+			      <div class="col-sm-9 offset-sm-3">
+			        <div class="form-check">
+			          <input type="checkbox" class="form-check-input" id="revokeSessions" name="revoke_sessions" value="1">
+			          <label class="form-check-label font-weight-bold" for="revokeSessions">Revoke all log-out all existing sessions</label>
+			        </div>
+			      </div>
+			    </div>
 			    <div class="form-group row">
 			      <div class="col-12 text-right">
 			        <button type="submit" class="btn btn-primary font-weight-bold py-0 px-5">{{__('settings.submit')}}</button>