Skip to content

feat: delete API token in /logout API #1770

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 19 commits into from
May 27, 2022
Merged

feat: delete API token in /logout API #1770

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
5c062df
delete API token in logout api
AbhineetJain May 26, 2022
77880f1
add deleteapikeybyid to databasefake
AbhineetJain May 26, 2022
994a294
delete api key in logout inline
AbhineetJain May 26, 2022
094498a
set blank cookie on logout always
AbhineetJain May 26, 2022
eb12bee
refactor logout flow, add unit tests
AbhineetJain May 26, 2022
8bb5713
update logout messsage
AbhineetJain May 26, 2022
fd56d39
use read-only file mode for windows
AbhineetJain May 26, 2022
492db6a
fix file mode on windows for cleanup
AbhineetJain May 26, 2022
5fa278d
Merge branch 'main' into abhineetjain/delete-session-token-api
AbhineetJain May 26, 2022
2ad0fbc
change file permissions on windows
AbhineetJain May 27, 2022
fd9231d
Merge branch 'main' into abhineetjain/delete-session-token-api
AbhineetJain May 27, 2022
a49b16f
Merge branch 'main' into abhineetjain/delete-session-token-api
AbhineetJain May 27, 2022
9a3731d
assert error is not nil
AbhineetJain May 27, 2022
c38a0f5
refactor cli
AbhineetJain May 27, 2022
a19e092
try different file mode on windows
AbhineetJain May 27, 2022
c82c661
try different file mode on windows
AbhineetJain May 27, 2022
a76d136
Merge branch 'main' into abhineetjain/delete-session-token-api
AbhineetJain May 27, 2022
84ec351
try keeping the files open on Windows
AbhineetJain May 27, 2022
6707efa
fix the error message on Windows
AbhineetJain May 27, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 11 additions & 1 deletion cli/logout.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,11 +15,16 @@ func logout() *cobra.Command {
Use: "logout",
Short: "Remove the local authenticated session",
RunE: func(cmd *cobra.Command, args []string) error {
client, err := createClient(cmd)
if err != nil {
return err
}

var isLoggedOut bool

config := createConfig(cmd)

_, err := cliui.Prompt(cmd, cliui.PromptOptions{
_, err = cliui.Prompt(cmd, cliui.PromptOptions{
Text: "Are you sure you want to logout?",
IsConfirm: true,
Default: "yes",
Expand Down Expand Up @@ -54,6 +59,11 @@ func logout() *cobra.Command {
return xerrors.Errorf("remove organization file: %w", err)
}

err = client.Logout(cmd.Context())
if err != nil {
return xerrors.Errorf("logout: %w", err)
}

// If the user was already logged out, we show them a different message
if isLoggedOut {
_, _ = fmt.Fprintf(cmd.OutOrStdout(), notLoggedInMessage+"\n")
Expand Down
15 changes: 15 additions & 0 deletions coderd/database/databasefake/databasefake.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,6 +126,21 @@ func (q *fakeQuerier) GetAPIKeyByID(_ context.Context, id string) (database.APIK
return database.APIKey{}, sql.ErrNoRows
}

func (q *fakeQuerier) DeleteAPIKeyByID(_ context.Context, id string) error {
q.mutex.Lock()
defer q.mutex.Unlock()

for index, apiKey := range q.apiKeys {
if apiKey.ID != id {
continue
}
q.apiKeys[index] = q.apiKeys[len(q.apiKeys)-1]
q.apiKeys = q.apiKeys[:len(q.apiKeys)-1]
return nil
}
return sql.ErrNoRows
}

func (q *fakeQuerier) GetFileByHash(_ context.Context, hash string) (database.File, error) {
q.mutex.RLock()
defer q.mutex.RUnlock()
Expand Down
1 change: 1 addition & 0 deletions coderd/database/querier.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

13 changes: 13 additions & 0 deletions coderd/database/queries.sql.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 7 additions & 0 deletions coderd/database/queries/apikeys.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,3 +38,10 @@ SET
oauth_expiry = $6
WHERE
id = $1;

-- name: DeleteAPIKeyByID :exec
DELETE
FROM
api_keys
WHERE
id = $1;
20 changes: 19 additions & 1 deletion coderd/users.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -670,7 +670,13 @@ func (api *api) postAPIKey(rw http.ResponseWriter, r *http.Request) {
}

// Clear the user's session cookie
func (*api) postLogout(rw http.ResponseWriter, _ *http.Request) {
func (api *api) postLogout(rw http.ResponseWriter, r *http.Request) {
// Delete the session token from database
ok := api.deleteAPIKey(rw, r)
if !ok {
return
}

// Get a blank token cookie
cookie := &http.Cookie{
// MaxAge < 0 means to delete the cookie now
Expand Down Expand Up @@ -743,6 +749,18 @@ func (api *api) createAPIKey(rw http.ResponseWriter, r *http.Request, params dat
return sessionToken, true
}

func (api *api) deleteAPIKey(rw http.ResponseWriter, r *http.Request) bool {
apiKey := httpmw.APIKey(r)
err := api.Database.DeleteAPIKeyByID(r.Context(), apiKey.ID)
if err != nil {
httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
Message: fmt.Sprintf("delete api key: %s", err.Error()),
})
return false
}
return true
}

func (api *api) createUser(ctx context.Context, req codersdk.CreateUserRequest) (database.User, uuid.UUID, error) {
var user database.User
return user, req.OrganizationID, api.Database.InTx(func(db database.Store) error {
Expand Down