deleting password

Femto.Modules.Auth/Models/DomainEventHandlers/UserPasswordChangedHandler.cs

@@ -0,0 +1,22 @@
+using Femto.Modules.Auth.Data;
+using Femto.Modules.Auth.Models.Events;
+using MediatR;
+using Microsoft.EntityFrameworkCore;
+
+namespace Femto.Modules.Auth.Models.DomainEventHandlers;
+
+internal class UserPasswordChangedHandler(AuthContext context)
+    : INotificationHandler<UserWasCreatedEvent>
+{
+    public async Task Handle(UserWasCreatedEvent notification, CancellationToken cancellationToken)
+    {
+        var longTermSessions = await context
+            .LongTermSessions.Where(s => s.UserId == notification.User.Id)
+            .ToListAsync(cancellationToken);
+        
+        foreach (var session in longTermSessions)
+        {
+            session.Invalidate();
+        }
+    }
+}

Femto.Modules.Auth/Models/Events/UserPasswordChangedDomainEvent.cs

@@ -0,0 +1,5 @@
+using Femto.Common.Domain;
+
+namespace Femto.Modules.Auth.Models.Events;
+
+internal record UserPasswordChangedDomainEvent(UserIdentity User) : DomainEvent;

Femto.Modules.Auth/Models/LongTermSession.cs

@@ -18,6 +18,8 @@ public class LongTermSession
     public DateTimeOffset Expires { get; private set; }
 
     public Guid UserId { get; private set; }
+    
+    public bool IsInvalidated { get; private set; }
 
     [NotMapped]
     public bool ExpiresSoon => this.Expires < DateTimeOffset.UtcNow + RefreshBuffer;
@@ -46,8 +48,11 @@ public class LongTermSession
         return (longTermSession, verifier);
     }
 
-    public bool Validate(string verifier)
+    public bool CheckVerifier(string verifier)
     {
+        if (this.IsInvalidated)
+            return false;
+        
         if (this.Expires < DateTimeOffset.UtcNow)
             return false;
 
@@ -60,4 +65,9 @@ public class LongTermSession
         var hashedVerifier = sha256.ComputeHash(Encoding.UTF8.GetBytes(verifier));
         return hashedVerifier;
     }
+    
+    public void Invalidate()
+    {
+        this.IsInvalidated = true;
+    }
 }

Femto.Modules.Auth/Models/Session.cs

@@ -4,7 +4,7 @@ namespace Femto.Modules.Auth.Models;
 
 public class Session(Guid userId, bool isStrong)
 {
-    private static readonly  TimeSpan ValidityPeriod = TimeSpan.FromMinutes(15);
+    public static readonly  TimeSpan ValidityPeriod = TimeSpan.FromMinutes(15);
     private static readonly TimeSpan RefreshBuffer = TimeSpan.FromMinutes(5);
     public string Id { get; } = Convert.ToBase64String(GetBytes(32));
     public Guid UserId { get; } = userId;

Femto.Modules.Auth/Models/UserIdentity.cs

@@ -28,6 +28,8 @@ internal class UserIdentity : Entity
 
     public void SetPassword(string password)
     {
+        if (this.Password is not null)
+            this.AddDomainEvent(new UserPasswordChangedDomainEvent(this));
         this.Password = new Password(password);
     }