From 8f1af536edbea929d55baa4055ce47ef83cfc078 Mon Sep 17 00:00:00 2001
From: Chris Chen <yuanson.ch@gmail.com>
Date: Tue, 23 Jun 2026 19:52:21 -0700
Subject: [PATCH] fix(auth): make change-password session revocation null-safe
 for Npgsql

---
 API/ROLAC.API/Services/AuthService.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/API/ROLAC.API/Services/AuthService.cs b/API/ROLAC.API/Services/AuthService.cs
index 2155c75..bd7009e 100644
--- a/API/ROLAC.API/Services/AuthService.cs
+++ b/API/ROLAC.API/Services/AuthService.cs
@@ -186,7 +186,7 @@ public class AuthService : IAuthService
         var otherTokens = await _db.RefreshTokens
             .Where(rt => rt.UserId == userId
                       && rt.RevokedAt == null
-                      && rt.TokenHash != currentHash)
+                      && (currentHash == null || rt.TokenHash != currentHash))
             .ToListAsync();
 
         foreach (var token in otherTokens)