Kick other sessions when changing password (#13194)

* Kick other session when changing password
Invalidate other sessions when a user password gets changed

* Don't logout admin users when they change passwords.
Cleanup phpstan exceptions

* only restore user if needed

* comment odd behavior

* $current_user typehint

LibreNMS/Authentication/MysqlAuthorizer.php

@@ -18,7 +18,7 @@ class MysqlAuthorizer extends AuthorizerBase
         $username = $credentials['username'] ?? null;
         $password = $credentials['password'] ?? null;
 
-        $user_data = User::thisAuth()->where(['username' => $username])->select('password', 'enabled')->first();
+        $user_data = User::thisAuth()->firstWhere(['username' => $username]);
         $hash = $user_data->password;
         $enabled = $user_data->enabled;
 
@@ -27,8 +27,10 @@ class MysqlAuthorizer extends AuthorizerBase
         }
 
         if (Hash::check($password, $hash)) {
+            // Check if hash algorithm is current and update it if it is not
             if (Hash::needsRehash($hash)) {
-                $this->changePassword($username, $password);
+                $user_data->setPassword($password);
+                $user_data->save();
             }
 
             return true;
@@ -53,25 +55,6 @@ class MysqlAuthorizer extends AuthorizerBase
         }
     }
 
-    public function changePassword($username, $password)
-    {
-        // check if updating passwords is allowed (mostly for classes that extend this)
-        if (! static::$CAN_UPDATE_PASSWORDS) {
-            return false;
-        }
-
-        /** @var User $user */
-        $user = User::thisAuth()->where('username', $username)->first();
-
-        if ($user) {
-            $user->setPassword($password);
-
-            return $user->save();
-        }
-
-        return false;
-    }
-
     public function addUser($username, $password, $level = 0, $email = '', $realname = '', $can_modify_passwd = 1, $descr = '')
     {
         $user_array = get_defined_vars();