From 9bc1c9d40a1a6c4dff3022a3490228dfa3a0da5d Mon Sep 17 00:00:00 2001
From: Eugene <inbox@null.page>
Date: Fri, 23 May 2025 22:03:39 +0200
Subject: [PATCH] fixed #1346 - changing own password does not remove existing
 passwors

---
 warpgate-protocol-http/src/api/credentials.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/warpgate-protocol-http/src/api/credentials.rs b/warpgate-protocol-http/src/api/credentials.rs
index dc4c2d04..9e02165d 100644
--- a/warpgate-protocol-http/src/api/credentials.rs
+++ b/warpgate-protocol-http/src/api/credentials.rs
@@ -236,6 +236,12 @@ impl Api {
             return Ok(ChangePasswordResponse::Unauthorized);
         };
 
+        entities::PasswordCredential::Entity::delete_many()
+            .filter(entities::PasswordCredential::Column::UserId.eq(user_model.id))
+            .exec(&*db)
+            .await
+            .map_err(WarpgateError::from)?;
+
         let new_credential = entities::PasswordCredential::ActiveModel {
             id: Set(Uuid::new_v4()),
             user_id: Set(user_model.id),