Allow expired app specific tokens to be deleted
This commit is contained in:
Joseph Schorr
parent
b29e8202e5
commit
208dc38d25
3 changed files with 25 additions and 3 deletions
|
|
@ -39,6 +39,17 @@ def revoke_token(token):
|
||||||
token.delete_instance()
|
token.delete_instance()
|
||||||
|
|
||||||
|
|
||||||
|
def revoke_token_by_uuid(uuid, owner):
|
||||||
|
""" Revokes an app specific token by deleting it. """
|
||||||
|
try:
|
||||||
|
token = AppSpecificAuthToken.get(uuid=uuid, user=owner)
|
||||||
|
except AppSpecificAuthToken.DoesNotExist:
|
||||||
|
return None
|
||||||
|
|
||||||
|
revoke_token(token)
|
||||||
|
return token
|
||||||
|
|
||||||
|
|
||||||
def get_expiring_tokens(user, soon):
|
def get_expiring_tokens(user, soon):
|
||||||
""" Returns all tokens owned by the given user that will be expiring "soon", where soon is defined
|
""" Returns all tokens owned by the given user that will be expiring "soon", where soon is defined
|
||||||
by the soon parameter (a timedelta from now).
|
by the soon parameter (a timedelta from now).
|
||||||
|
|
|
||||||
|
|
@ -122,12 +122,10 @@ class AppToken(ApiResource):
|
||||||
@nickname('revokeAppToken')
|
@nickname('revokeAppToken')
|
||||||
def delete(self, token_uuid):
|
def delete(self, token_uuid):
|
||||||
""" Revokes a specific app token for the user. """
|
""" Revokes a specific app token for the user. """
|
||||||
token = model.appspecifictoken.get_token_by_uuid(token_uuid, owner=get_authenticated_user())
|
token = model.appspecifictoken.revoke_token_by_uuid(token_uuid, owner=get_authenticated_user())
|
||||||
if token is None:
|
if token is None:
|
||||||
raise NotFound()
|
raise NotFound()
|
||||||
|
|
||||||
model.appspecifictoken.revoke_token(token)
|
|
||||||
|
|
||||||
log_action('revoke_app_specific_token', get_authenticated_user().username,
|
log_action('revoke_app_specific_token', get_authenticated_user().username,
|
||||||
{'app_specific_token_title': token.title,
|
{'app_specific_token_title': token.title,
|
||||||
'app_specific_token': token.uuid})
|
'app_specific_token': token.uuid})
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,6 @@
|
||||||
|
from datetime import datetime, timedelta
|
||||||
|
|
||||||
|
from data import model
|
||||||
from endpoints.api.appspecifictokens import AppTokens, AppToken
|
from endpoints.api.appspecifictokens import AppTokens, AppToken
|
||||||
from endpoints.api.test.shared import conduct_api_call
|
from endpoints.api.test.shared import conduct_api_call
|
||||||
from endpoints.test.shared import client_with_identity
|
from endpoints.test.shared import client_with_identity
|
||||||
|
|
@ -35,3 +38,13 @@ def test_app_specific_tokens(app, client):
|
||||||
assert token_uuid not in set([token['uuid'] for token in resp['tokens']])
|
assert token_uuid not in set([token['uuid'] for token in resp['tokens']])
|
||||||
|
|
||||||
conduct_api_call(cl, AppToken, 'GET', {'token_uuid': token_uuid}, None, 404)
|
conduct_api_call(cl, AppToken, 'GET', {'token_uuid': token_uuid}, None, 404)
|
||||||
|
|
||||||
|
|
||||||
|
def test_delete_expired_app_token(app, client):
|
||||||
|
user = model.user.get_user('devtable')
|
||||||
|
expiration = datetime.now() - timedelta(seconds=10)
|
||||||
|
token = model.appspecifictoken.create_token(user, 'some token', expiration)
|
||||||
|
|
||||||
|
with client_with_identity('devtable', client) as cl:
|
||||||
|
# Delete the token.
|
||||||
|
conduct_api_call(cl, AppToken, 'DELETE', {'token_uuid': token.uuid}, None, 204)
|
||||||
|
|
|
||||||
Reference in a new issue