From a1d4e448eaef1cf8f7d4a90571b84f319000c852 Mon Sep 17 00:00:00 2001
From: Jason Volk <jason@zemos.net>
Date: Fri, 3 Mar 2023 12:13:47 -0800
Subject: [PATCH] modules/client/devices: Revoke access tokens when devices
 deleted.

---
 modules/client/delete_devices.cc | 18 ++++++++++++++++--
 modules/client/devices.cc        | 10 ++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/modules/client/delete_devices.cc b/modules/client/delete_devices.cc
index b55a0c249..f3446e29d 100644
--- a/modules/client/delete_devices.cc
+++ b/modules/client/delete_devices.cc
@@ -74,12 +74,26 @@ post__delete_devices(client &client,
 		request.user_id
 	};
 
+	const m::user::tokens access_tokens
+	{
+		request.user_id
+	};
+
+	size_t revoked(0);
 	for(const json::string device_id : devices)
-		user_devices.del(device_id);
+		revoked += access_tokens.del_by_device(device_id, "device deleted");
+
+	size_t deleted(0);
+	for(const json::string device_id : devices)
+		deleted += user_devices.del(device_id);
 
 	return m::resource::response
 	{
-		client, http::OK
+		client, json::members
+		{
+			{ "deleted", long(deleted) },
+			{ "revoked", long(revoked) },
+		}
 	};
 }
 
diff --git a/modules/client/devices.cc b/modules/client/devices.cc
index 7c6c0d54d..d58d7378f 100644
--- a/modules/client/devices.cc
+++ b/modules/client/devices.cc
@@ -193,6 +193,16 @@ delete__devices(client &client,
 			"Incorrect password."
 		};
 
+	const m::user::tokens tokens
+	{
+		request.user_id
+	};
+
+	const size_t revoked
+	{
+		tokens.del_by_device(device_id)
+	};
+
 	const m::user::devices devices
 	{
 		request.user_id