Allow user to control if they are signed out of all devices when changing password (#8259)

Co-authored-by: Michael Telatynski <7t3chguy@gmail.com>

src/PasswordReset.ts

@@ -31,6 +31,7 @@ export default class PasswordReset {
     private clientSecret: string;
     private password: string;
     private sessionId: string;
+    private logoutDevices: boolean;
 
     /**
      * Configure the endpoints for password resetting.
@@ -50,10 +51,16 @@ export default class PasswordReset {
      * sending an email to the provided email address.
      * @param {string} emailAddress The email address
      * @param {string} newPassword The new password for the account.
+     * @param {boolean} logoutDevices Should all devices be signed out after the reset? Defaults to `true`.
      * @return {Promise} Resolves when the email has been sent. Then call checkEmailLinkClicked().
      */
-    public resetPassword(emailAddress: string, newPassword: string): Promise<IRequestTokenResponse> {
+    public resetPassword(
+        emailAddress: string,
+        newPassword: string,
+        logoutDevices = true,
+    ): Promise<IRequestTokenResponse> {
         this.password = newPassword;
+        this.logoutDevices = logoutDevices;
         return this.client.requestPasswordEmailToken(emailAddress, this.clientSecret, 1).then((res) => {
             this.sessionId = res.sid;
             return res;
@@ -90,7 +97,7 @@ export default class PasswordReset {
                 // See https://github.com/matrix-org/matrix-doc/issues/2220
                 threepid_creds: creds,
                 threepidCreds: creds,
-            }, this.password);
+            }, this.password, this.logoutDevices);
         } catch (err) {
             if (err.httpStatus === 401) {
                 err.message = _t('Failed to verify email address: make sure you clicked the link in the email');