🔒 fix: resolve session persistence post password reset

[berry-13]

Summary

Closes #5072

Description:

• 🎯 Objective: Enhance the session management system to resolve the bug where user sessions persist after a password reset, address potential security risks, and update the session handling logic for better account security
• 🐛 Bug Fix: Ensures old sessions are invalidated upon password reset to prevent use with an outdated password, enhancing security

Key Changes:

• 🏗️ Modularization: Created a new session.js for the session schema and updated relevant models to import this schema
• 🛠️ Method Addition: Introduced createSession, findSession, updateExpiration, deleteSession, deleteAllUserSessions, generateRefreshToken, and countActiveSessions
• ⚙️ Controllers & Services Update: Auth & User controllers, along with AuthService, now utilize these new methods for better session handling

Files Modified:

• 📁 Models:

  • api/models/Session.js: Refactor with new methods and error handling
  • api/models/schema/session.js: New session schema

• 📊 Controllers:

  • api/server/controllers/AuthController.js: Shifted to using findSession and deleteAllUserSessions
  • api/server/controllers/UserController.js: Utilizes deleteAllUserSessions

• 👩‍💻 Services:

  • api/server/services/AuthService.js: Refactored for the new session methods

• 🗂️ Miscellaneous:

  • api/models/index.js: Updated export strategy
  • e2e/setup/cleanupUser.ts: Test script updates for session cleanup

Change Type

• Bug fix (non-breaking change which fixes an issue)
• refactor

Testing

Test Configuration:

Checklist

• My code adheres to this project's style guidelines
• I have performed a self-review of my own code
• I have commented in any complex areas of my code
• My changes do not introduce new warnings
• Local unit tests pass with my changes
• Any changes dependent on mine have been merged and published in downstream modules.

[danny-avila]

Thanks, please check failing tests next time