reimplement programmatic oauth token revocation (#6629)
Niklas Fiekas
parent
47ea2c0652
commit
8ec792efaf
|
|
@ -9,6 +9,7 @@ import scalatags.Text.all.stringFrag
|
|||
import views._
|
||||
|
||||
import lila.api.Context
|
||||
import lila.common.HTTPRequest
|
||||
import lila.app._
|
||||
import lila.oauth.{ AccessToken, AccessTokenRequest, AuthorizationRequest, PersonalToken }
|
||||
|
||||
|
|
@ -86,11 +87,27 @@ final class OAuth(env: Env) extends LilaController(env) {
|
|||
}
|
||||
}
|
||||
|
||||
private val revokeTokenForm = Form(single("token" -> text))
|
||||
|
||||
def tokenRevoke =
|
||||
Action.async(parse.anyContent) { implicit req =>
|
||||
implicit def body = req.body
|
||||
val tokens = List(
|
||||
revokeTokenForm.bindFromRequest().value,
|
||||
HTTPRequest.bearer(req)
|
||||
).flatten
|
||||
if (tokens.isEmpty) BadRequest.fuccess
|
||||
else
|
||||
tokens.map { token =>
|
||||
env.oAuth.tokenApi.revoke(AccessToken.Id(token)) map env.oAuth.server.deleteCached
|
||||
}.sequenceFu inject NoContent
|
||||
}
|
||||
|
||||
private val revokeClientForm = Form(single("origin" -> text))
|
||||
|
||||
def revokeClient =
|
||||
AuthBody { implicit ctx => me =>
|
||||
implicit def req = ctx.body
|
||||
implicit def body = ctx.body
|
||||
revokeClientForm
|
||||
.bindFromRequest()
|
||||
.fold(
|
||||
|
|
@ -102,6 +119,5 @@ final class OAuth(env: Env) extends LilaController(env) {
|
|||
}
|
||||
} inject NoContent
|
||||
)
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -720,6 +720,7 @@ GET /oauth controllers.OAuth.authorize
|
|||
POST /oauth controllers.OAuth.authorizeApply
|
||||
POST /oauth/revoke-client controllers.OAuth.revokeClient
|
||||
POST /api/token controllers.OAuth.tokenApply
|
||||
POST /api/token/revoke controllers.OAuth.tokenRevoke
|
||||
GET /account/oauth/token controllers.OAuthToken.index
|
||||
GET /account/oauth/token/create controllers.OAuthToken.create
|
||||
POST /account/oauth/token/create controllers.OAuthToken.createApply
|
||||
|
|
|
|||
|
|
@ -94,6 +94,11 @@ final class AccessTokenApi(colls: OauthColls)(implicit ec: scala.concurrent.Exec
|
|||
} yield AccessTokenApi.Client(origin, usedAt, scopes)
|
||||
}
|
||||
|
||||
def revoke(token: AccessToken.Id): Fu[AccessToken.Id] =
|
||||
colls.token {
|
||||
_.delete.one($doc(F.id -> token)).inject(token)
|
||||
}
|
||||
|
||||
def revokeByClientOrigin(clientOrigin: String, user: User): Fu[List[AccessToken.Id]] =
|
||||
colls.token { coll =>
|
||||
coll
|
||||
|
|
@ -127,7 +132,6 @@ final class AccessTokenApi(colls: OauthColls)(implicit ec: scala.concurrent.Exec
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
object AccessTokenApi {
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ object OAuthScope {
|
|||
}
|
||||
|
||||
object Team {
|
||||
case object Read extends OAuthScope("team:read", "Read private team information")
|
||||
case object Read extends OAuthScope("team:read", "Read private team information")
|
||||
case object Write extends OAuthScope("team:write", "Join, leave, and manage teams")
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue