feat: clear password & email tokens when appropriate (#3567)

* test: password tokens are generated and deleted on password change
* chore: delete all password tokens when the password is changed
* test: email tokens are generated and deleted on email change
* test: email tokens are deleted after password reset
* chore: delete email tokens after password change
* test: password tokens are deleted after email change
* chore: delete password tokens after email change
* chore: syntactic sugar
* chore: unify event listening

php-packages/testing/src/integration/BuildsHttpRequests.php

@@ -14,6 +14,7 @@ use Dflydev\FigCookies\SetCookie;
 use Illuminate\Support\Str;
 use Laminas\Diactoros\CallbackStream;
 use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Message\ServerRequestInterface as Request;
 
 /**
@@ -66,4 +67,15 @@ trait BuildsHttpRequests
 
         return $req->withCookieParams($cookies);
     }
+
+    protected function requestWithCsrfToken(ServerRequestInterface $request): ServerRequestInterface
+    {
+        $initial = $this->send(
+            $this->request('GET', '/')
+        );
+
+        $token = $initial->getHeaderLine('X-CSRF-Token');
+
+        return $this->requestWithCookiesFrom($request->withHeader('X-CSRF-Token', $token), $initial);
+    }
 }