Add CLI command to expire all sessions.

backend/rvoc-backend/src/cli/mod.rs

@@ -42,6 +42,10 @@ enum Cli {
     /// Note that this does not expire all sessions.
     ExpireAllPasswords,
 
+    /// Expire all sessions of all users.
+    /// This should always succeed, and sessions that are updated simultaneously should be be logged out anyways.
+    ExpireAllSessions,
+
     /// Set the password of a user.
     /// If no password is given, then it is read from stdin.
     SetPassword {
@@ -74,6 +78,7 @@ pub async fn run_cli_command(configuration: &Configuration) -> RVocResult<()> {
         }
         Cli::ApplyMigrations => apply_pending_database_migrations(configuration).await?,
         Cli::ExpireAllPasswords => expire_all_passwords(configuration).await?,
+        Cli::ExpireAllSessions => expire_all_sessions(configuration).await?,
         Cli::SetPassword { username, password } => {
             set_password(username, password, configuration).await?
         }
@@ -161,6 +166,34 @@ async fn expire_all_passwords(configuration: &Configuration) -> RVocResult<()> {
     Ok(())
 }
 
+#[instrument(err, skip(configuration))]
+async fn expire_all_sessions(configuration: &Configuration) -> RVocResult<()> {
+    let database_connection_pool = create_async_database_connection_pool(configuration).await?;
+
+    database_connection_pool
+        .execute_read_committed_transaction(
+            |database_connection| {
+                Box::pin(async {
+                    use crate::database::schema::sessions::dsl::*;
+
+                    diesel::delete(sessions)
+                        .execute(database_connection)
+                        .await
+                        .map_err(|error| {
+                            RVocError::ExpireAllSessions {
+                                source: Box::new(error),
+                            }
+                            .into()
+                        })
+                })
+            },
+            configuration.maximum_transaction_retry_count,
+        )
+        .await?;
+
+    Ok(())
+}
+
 #[instrument(err, skip(configuration))]
 async fn set_password(
     username: String,

backend/rvoc-backend/src/error/mod.rs

@@ -90,6 +90,9 @@ pub enum RVocError {
     #[error("error expiring all passwords: {source}")]
     ExpireAllPasswords { source: BoxDynError },
 
+    #[error("error expiring all sessions: {source}")]
+    ExpireAllSessions { source: BoxDynError },
+
     #[error("error reading password from stdin: {source}")]
     ReadPasswordFromStdin { source: BoxDynError },