From 208dc38d25e0d18eb9454fb3d1e1fd5068dfc2b8 Mon Sep 17 00:00:00 2001
From: Joseph Schorr
Date: Tue, 23 Jan 2018 11:40:51 -0500
Subject: [PATCH] Allow expired app specific tokens to be deleted

---
 data/model/appspecifictoken.py | 11 +++++++++++
 endpoints/api/appspecifictokens.py | 4 +---
 endpoints/api/test/test_appspecifictoken.py | 13 +++++++++++++
 3 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/data/model/appspecifictoken.py b/data/model/appspecifictoken.py
index a9df58606..5cb619390 100644
--- a/data/model/appspecifictoken.py
+++ b/data/model/appspecifictoken.py
@@ -39,6 +39,17 @@ def revoke_token(token):
   token.delete_instance()
 
 
+def revoke_token_by_uuid(uuid, owner):
+  """ Revokes an app specific token by deleting it. """
+  try:
+    token = AppSpecificAuthToken.get(uuid=uuid, user=owner)
+  except AppSpecificAuthToken.DoesNotExist:
+    return None
+
+  revoke_token(token)
+  return token
+
+
 def get_expiring_tokens(user, soon):
   """ Returns all tokens owned by the given user that will be expiring "soon", where soon is defined
       by the soon parameter (a timedelta from now).
diff --git a/endpoints/api/appspecifictokens.py b/endpoints/api/appspecifictokens.py
index a387d82bb..5790626f2 100644
--- a/endpoints/api/appspecifictokens.py
+++ b/endpoints/api/appspecifictokens.py
@@ -122,12 +122,10 @@ class AppToken(ApiResource):
   @nickname('revokeAppToken')
   def delete(self, token_uuid):
     """ Revokes a specific app token for the user. """
-    token = model.appspecifictoken.get_token_by_uuid(token_uuid, owner=get_authenticated_user())
+    token = model.appspecifictoken.revoke_token_by_uuid(token_uuid, owner=get_authenticated_user())
     if token is None:
       raise NotFound()
 
-    model.appspecifictoken.revoke_token(token)
-
     log_action('revoke_app_specific_token', get_authenticated_user().username,
                {'app_specific_token_title': token.title, 'app_specific_token': token.uuid})
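Review bot: The docstring of revoke_token_by_uuid does not say that the lookup applies no expiration filter, which is the reason the helper exists according to the commit subject; a reader of the model module alone would not know it deliberately matches expired tokens. Suggest `""" Revokes an app specific token by deleting it. No expiration filter is applied, so expired tokens are removed too; a token that is not owned by `owner` is not found and None is returned. """`. The `user=owner` constraint in the `.get()` call is what keeps the deletion scoped to the caller, so it is worth naming as a guarantee rather than leaving it implicit. revoke_token begins above the hunk; only its last line is visible here.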
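Review bot: The docstring of AppToken.delete still reads as before although the lookup it now calls also matches expired tokens; suggest `""" Revokes a specific app token for the user, including a token that has already expired. """`. The audit entry is written from `token.title` and `token.uuid` after the row has been deleted, which works only because revoke_token_by_uuid hands back the in-memory instance; a one-line comment above log_action, `# The row is already deleted; title/uuid come from the returned instance.`, would make that dependency visible to the next maintainer. The hunk header counts one more old line than is shown, so the end of the method appears to fall outside the hunk.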
diff --git a/endpoints/api/test/test_appspecifictoken.py b/endpoints/api/test/test_appspecifictoken.py
index f71c306e7..28e2bcd00 100644
--- a/endpoints/api/test/test_appspecifictoken.py
+++ b/endpoints/api/test/test_appspecifictoken.py
@@ -1,3 +1,6 @@
+from datetime import datetime, timedelta
+
+from data import model
 from endpoints.api.appspecifictokens import AppTokens, AppToken
 from endpoints.api.test.shared import conduct_api_call
 from endpoints.test.shared import client_with_identity
@@ -35,3 +38,13 @@ def test_app_specific_tokens(app, client):
     assert token_uuid not in set([token['uuid'] for token in resp['tokens']])
 
     conduct_api_call(cl, AppToken, 'GET', {'token_uuid': token_uuid}, None, 404)
+
+
+def test_delete_expired_app_token(app, client):
+  user = model.user.get_user('devtable')
+  expiration = datetime.now() - timedelta(seconds=10)
+  token = model.appspecifictoken.create_token(user, 'some token', expiration)
+
+  with client_with_identity('devtable', client) as cl:
+    # Delete the token.
+    conduct_api_call(cl, AppToken, 'DELETE', {'token_uuid': token.uuid}, None, 204)
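Review bot: test_delete_expired_app_token only asserts that the DELETE returns 204; nothing checks that the expired token is actually gone, so a handler that answered 204 without deleting would still pass. A second call inside the `with` block, `conduct_api_call(cl, AppToken, 'DELETE', {'token_uuid': token.uuid}, None, 404)`, would pin the deletion, mirroring the follow-up GET the existing test above performs. The expiration is built with naive `datetime.now()`; whether create_token and the expiry comparison expect naive or timezone-aware values is not visible in this hunk, so confirm it matches the model. The import hunk at the top of the file needs no change.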