feat(api): add password reset and change to user service (#6036)

* feat(api): add password reset and change to user service

* integration tests

* invalidate password check after password change

* handle notification type

* fix proto

internal/query/projection/session.go

@@ -10,6 +10,7 @@ import (
 	"github.com/zitadel/zitadel/internal/eventstore/handler/crdb"
 	"github.com/zitadel/zitadel/internal/repository/instance"
 	"github.com/zitadel/zitadel/internal/repository/session"
+	"github.com/zitadel/zitadel/internal/repository/user"
 )
 
 const (
@@ -107,6 +108,15 @@ func (p *sessionProjection) reducers() []handler.AggregateReducer {
 				},
 			},
 		},
+		{
+			Aggregate: user.AggregateType,
+			EventRedusers: []handler.EventReducer{
+				{
+					Event:  user.HumanPasswordChangedType,
+					Reduce: p.reducePasswordChanged,
+				},
+			},
+		},
 	}
 }
 
@@ -245,3 +255,21 @@ func (p *sessionProjection) reduceSessionTerminated(event eventstore.Event) (*ha
 		},
 	), nil
 }
+
+func (p *sessionProjection) reducePasswordChanged(event eventstore.Event) (*handler.Statement, error) {
+	e, ok := event.(*user.HumanPasswordChangedEvent)
+	if !ok {
+		return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Deg3d", "reduce.wrong.event.type %s", user.HumanPasswordChangedType)
+	}
+
+	return crdb.NewUpdateStatement(
+		e,
+		[]handler.Column{
+			handler.NewCol(SessionColumnPasswordCheckedAt, nil),
+		},
+		[]handler.Condition{
+			handler.NewCond(SessionColumnUserID, e.Aggregate().ID),
+			crdb.NewLessThanCond(SessionColumnPasswordCheckedAt, e.CreationDate()),
+		},
+	), nil
+}