added persisting tokenID after password changes on changing session

backend/pkg/db/users/users.go

@@ -70,10 +70,10 @@ type UserChangePassword struct {
 	Password string `json:"password" validate:"required,min=12"`
 }
 
-func ChangePassword(user UserChangePassword) error {
+func ChangePassword(user UserChangePassword) (string, error) {
 	// try to hash teh password
 	if hash, err := hashPassword(user.Password); err != nil {
-		return err
+		return "", err
 	} else {
 		execStruct := struct {
 			UserName string `db:"userName"`
@@ -86,11 +86,11 @@ func ChangePassword(user UserChangePassword) error {
 		}
 
 		if _, err := db.DB.NamedExec("UPDATE USERS SET tokenID = :tokenID, password = :password WHERE name = :userName", execStruct); err != nil {
-			return err
+			return "", err
 		} else {
 			refresh()
 
-			return nil
+			return execStruct.TokenID, nil
 		}
 	}
 }

backend/pkg/router/user.go

@@ -51,10 +51,24 @@ func patchPassword(args HandlerArgs) responseMessage {
 			response.Status = fiber.StatusBadRequest
 
 			logger.Info().Msgf("invalid body: %v", err)
-		} else if err := users.ChangePassword(body); err != nil {
+		} else if tokenID, err := users.ChangePassword(body); err != nil {
 			response.Status = fiber.StatusInternalServerError
 
 			logger.Error().Msgf("can't update password: %v", err)
+
+			// sign a new JWT with the new tokenID
+		} else if jwt, err := config.SignJWT(JWTPayload{
+			UserName: body.UserName,
+			TokenID:  tokenID,
+
+			// if something failed, remove the current session-cookie
+		}); err != nil {
+			removeSessionCookie(args.C)
+
+			// set the new session-cookie
+		} else {
+			// update the token in the session-cookie
+			setSessionCookie(args.C, &jwt)
 		}
 	}