Ensure password resets revoke access to Streaming API

app/models/user.rb

@@ -359,6 +359,13 @@ class User < ApplicationRecord
     Doorkeeper::AccessToken.by_resource_owner(self).in_batches do |batch|
       batch.update_all(revoked_at: Time.now.utc)
       Web::PushSubscription.where(access_token_id: batch).delete_all
+
+      # Revoke each access token for the Streaming API, since `update_all``
+      # doesn't trigger ActiveRecord Callbacks:
+      # TODO: #28793 Combine into a single topic
+      batch.each do |token|
+        redis.publish("timeline:access_token:#{token.id}", Oj.dump(event: :kill))
+      end
     end
   end