invalidate cached client tokens

This commit is contained in:
Niklas Fiekas 2021-06-20 00:16:41 +02:00
parent 438c43d29f
commit a2e63d82bd
3 changed files with 30 additions and 12 deletions


@ -105,8 +105,13 @@ final class OAuth(env: Env) extends LilaController(env) {
revokeClientForm revokeClientForm
.bindFromRequest() .bindFromRequest()
.fold( .fold(
_ => funit, _ => BadRequest.fuccess,
origin => env.oAuth.tokenApi.revokeByClientOrigin(origin, me) // TODO: also remove from token cache origin =>
env.oAuth.tokenApi.revokeByClientOrigin(origin, me) map {
_ foreach { token =>
env.oAuth.server.deleteCached(token)
}
} inject NoContent
) )
} }
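Review bot: The new branch discards whatever `env.oAuth.server.deleteCached(token)` returns, since it is called inside `_ foreach { ... }` and the response is produced by `inject NoContent` straight after the `map`; if `deleteCached` is asynchronous or can fail, the client gets 204 before (or regardless of whether) the cache entries are actually gone. If it is a synchronous cache eviction this is fine and worth a one-line comment, e.g. `// synchronous evict; the DB rows are already gone`, otherwise the calls should be sequenced into the returned future (e.g. `Future.traverse(tokens)(env.oAuth.server.deleteCached)`) so a failure surfaces instead of being swallowed. The enclosing `revokeClient` action starts outside this hunk.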


@ -22,7 +22,7 @@ object security {
account.layout(title = s"${u.username} - ${trans.security.txt()}", active = "security") { account.layout(title = s"${u.username} - ${trans.security.txt()}", active = "security") {
div(cls := "account security")( div(cls := "account security")(
div(cls := "box")( div(cls := "box")(
h1(trans.sessions()), h1(trans.security()),
standardFlash(cls := "box__pad"), standardFlash(cls := "box__pad"),
div(cls := "box__pad")( div(cls := "box__pad")(
p( p(


@ -63,8 +63,8 @@ final class AccessTokenApi(colls: OauthColls)(implicit ec: scala.concurrent.Exec
) -> List( ) -> List(
UnwindField(F.scopes), UnwindField(F.scopes),
GroupField(F.clientOrigin)( GroupField(F.clientOrigin)(
F.usedAt -> MaxField(F.usedAt), F.usedAt -> MaxField(F.usedAt),
F.scopes -> AddFieldToSet(F.scopes) F.scopes -> AddFieldToSet(F.scopes)
), ),
Sort(Descending(F.usedAt)) Sort(Descending(F.usedAt))
) )
@ -74,21 +74,34 @@ final class AccessTokenApi(colls: OauthColls)(implicit ec: scala.concurrent.Exec
for { for {
doc <- docs doc <- docs
origin <- doc.getAsOpt[String]("_id") origin <- doc.getAsOpt[String]("_id")
usedAt = doc.getAsOpt[DateTime](F.usedAt) usedAt = doc.getAsOpt[DateTime](F.usedAt)
scopes <- doc.getAsOpt[List[OAuthScope]](F.scopes) scopes <- doc.getAsOpt[List[OAuthScope]](F.scopes)
} yield AccessTokenApi.Client(origin, usedAt, scopes) } yield AccessTokenApi.Client(origin, usedAt, scopes)
} }
def revokeByClientOrigin(clientOrigin: String, user: User): Funit = def revokeByClientOrigin(clientOrigin: String, user: User): Fu[List[AccessToken.Id]] =
colls.token { colls.token { coll =>
_.delete coll
.one( .find(
$doc( $doc(
F.userId -> user.id, F.userId -> user.id,
F.clientOrigin -> clientOrigin F.clientOrigin -> clientOrigin
) ),
$doc(F.id -> 1).some
) )
.void .sort($sort desc F.usedAt)
.cursor[Bdoc]()
.list(100)
.flatMap { invalidate =>
coll.delete
.one(
$doc(
F.userId -> user.id,
F.clientOrigin -> clientOrigin
)
)
.inject(invalidate.flatMap(_.getAsOpt[AccessToken.Id](F.id)))
}
} }
def revokeByPublicId(publicId: String, user: User): Fu[Option[AccessToken]] = def revokeByPublicId(publicId: String, user: User): Fu[Option[AccessToken]] =
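Review bot: The ids collected for cache invalidation are capped by `.list(100)` (most recently used first), but the following `coll.delete.one(...)` removes every token for that user and client origin; any token beyond the first 100 is deleted from the database yet stays valid in `env.oAuth.server`'s cache until it expires, which is exactly the gap the old TODO described. Either drop the cap so the find returns every matching id, or restrict the delete to the ids that were fetched (an `$inIds`-style filter on `F.id`) so the database and the cache are always revoked for the same set. The second option also closes the small window between the find and the delete in which a token issued for the same origin would be deleted but never evicted. `revokeByPublicId`, whose signature ends this hunk, continues outside it.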