Fix FLEXIAPI-424 Logout when the password is correctly changed

Fix FLEXIAPI-425 Update the documentation regarding account_creation_request_token

flexiapi/app/Http/Controllers/Account/PasswordController.php

@@ -21,6 +21,7 @@ namespace App\Http\Controllers\Account;
 
 use App\Http\Controllers\Controller;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Log;
 
 class PasswordController extends Controller
@@ -46,12 +47,10 @@ class PasswordController extends Controller
 
         if ($account->passwords()->count() > 0) {
             Log::channel('events')->info('Web: Password changed', ['id' => $account->identifier]);
-
-            return redirect()->route('account.dashboard');
+            return redirect()->route('account.logout');
         }
 
         Log::channel('events')->info('Web: Password set for the first time', ['id' => $account->identifier]);
-
-        return redirect()->route('account.dashboard');
+        return redirect()->route('account.logout');
     }
 }

flexiapi/resources/views/api/documentation/account_tokens.blade.php

@@ -5,7 +5,7 @@ An `account_creation_request_token` is a unique token that can be validated and
 ### `POST /account_creation_request_tokens`
 <span class="badge badge-success">Public</span>
 
-Create and return an `account_creation_request_token` that should then be validated to be used.
+Create and return an `account_creation_request_token` that should then be validated to be used, often using a browser CAPTCHA.
 
 ## Account Creation Tokens