From a529072a230d8eef5d9cbd45de73653f6ecdecce Mon Sep 17 00:00:00 2001
From: Sattvik Chakravarthy
Date: Thu, 19 Sep 2024 12:52:53 +0530
Subject: [PATCH] fix: revoke by client_id
---
src/main/java/io/supertokens/oauth/OAuth.java | 8 +-
.../io/supertokens/webserver/Webserver.java | 2 +-
.../oauth/RevokeOAuthConsentSessionsAPI.java | 85 -------------------
.../api/oauth/RevokeOAuthTokensAPI.java | 70 +++++++++++++++
4 files changed, 73 insertions(+), 92 deletions(-)
delete mode 100644 src/main/java/io/supertokens/webserver/api/oauth/RevokeOAuthConsentSessionsAPI.java
create mode 100644 src/main/java/io/supertokens/webserver/api/oauth/RevokeOAuthTokensAPI.java
diff --git a/src/main/java/io/supertokens/oauth/OAuth.java b/src/main/java/io/supertokens/oauth/OAuth.java
index 63b005aa4..525f75f67 100644
--- a/src/main/java/io/supertokens/oauth/OAuth.java
+++ b/src/main/java/io/supertokens/oauth/OAuth.java
@@ -468,13 +468,9 @@ public static JsonObject introspectAccessToken(Main main, AppIdentifier appIdent
 return result;
 }
- public static void revokeAllConsentSessions(Main main, AppIdentifier appIdentifier, Storage storage, String subject, String clientId) throws StorageQueryException {
+ public static void revokeTokensForClientId(Main main, AppIdentifier appIdentifier, Storage storage, String clientId) throws StorageQueryException {
 OAuthStorage oauthStorage = StorageUtils.getOAuthStorage(storage);
- if (clientId == null) {
- oauthStorage.revoke(appIdentifier, "sub", subject);
- } else {
- oauthStorage.revoke(appIdentifier, "client_id_sub", clientId + ":" + subject);
- }
+ oauthStorage.revoke(appIdentifier, "client_id", clientId);
 }
 public static void revokeRefreshToken(Main main, AppIdentifier appIdentifier, Storage storage, String token) throws StorageQueryException, NoSuchAlgorithmException {
diff --git a/src/main/java/io/supertokens/webserver/Webserver.java b/src/main/java/io/supertokens/webserver/Webserver.java
index 2122c1d48..db535b47f 100644
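Review bot: revokeTokensForClientId hands `clientId` straight to `oauthStorage.revoke(appIdentifier, "client_id", clientId)` with no null check; the one caller added in this commit parses `client_id` as a required field, but the method is public static, so `Objects.requireNonNull(clientId, "clientId");` as its first statement would make that contract explicit (this needs `java.util.Objects`, and the file's imports are outside the hunk). The `main` parameter is not used in the new body, as it was not in the old one. A Javadoc summary would also help readers of the storage call, e.g. `/** Records a client_id-level revocation for {@code clientId} in this app's OAuth storage. */` — how that record is later consumed (presumably by introspection) is not visible here and should be confirmed against the storage implementation before documenting it.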
--- a/src/main/java/io/supertokens/webserver/Webserver.java
+++ b/src/main/java/io/supertokens/webserver/Webserver.java
@@ -286,7 +286,7 @@ private void setupRoutes() {
 addAPI(new OAuthTokenIntrospectAPI(main));
 addAPI(new RevokeOAuthTokenAPI(main));
- addAPI(new RevokeOAuthConsentSessionsAPI(main));
+ addAPI(new RevokeOAuthTokensAPI(main));
 addAPI(new RevokeOAuthSessionAPI(main));
 StandardContext context = tomcatReference.getContext();
diff --git a/src/main/java/io/supertokens/webserver/api/oauth/RevokeOAuthConsentSessionsAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/RevokeOAuthConsentSessionsAPI.java
deleted file mode 100644
index dd63d7ebc..000000000
--- a/src/main/java/io/supertokens/webserver/api/oauth/RevokeOAuthConsentSessionsAPI.java
+++ /dev/null
@@ -1,85 +0,0 @@
-package io.supertokens.webserver.api.oauth;
-
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.Map;
-
-import com.google.gson.JsonObject;
-
-import io.supertokens.Main;
-import io.supertokens.multitenancy.exception.BadPermissionException;
-import io.supertokens.oauth.HttpRequestForOry;
-import io.supertokens.oauth.OAuth;
-import io.supertokens.pluginInterface.RECIPE_ID;
-import io.supertokens.pluginInterface.Storage;
-import io.supertokens.pluginInterface.exceptions.StorageQueryException;
-import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
-import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
-import io.supertokens.webserver.InputParser;
-import io.supertokens.webserver.WebserverAPI;
-import jakarta.servlet.ServletException;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-
-public class RevokeOAuthConsentSessionsAPI extends WebserverAPI {
-
- public RevokeOAuthConsentSessionsAPI(Main main){
- super(main, RECIPE_ID.OAUTH.toString());
- }
-
- @Override
- public String getPath() {
- return "/recipe/oauth/sessions/consent/revoke";
- }
-
- @Override
- protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException, ServletException {
- JsonObject input = InputParser.parseJsonObjectOrThrowError(req);
- Boolean all = InputParser.parseBooleanOrThrowError(input, "all", true);
- String subject = InputParser.parseStringOrThrowError(input, "subject", false);
- String clientId = InputParser.parseStringOrThrowError(input, "client", false);
-
- try {
- AppIdentifier appIdentifier = getAppIdentifier(req);
- Storage storage = enforcePublicTenantAndGetPublicTenantStorage(req);
-
- Map queryParams = new HashMap<>();
- queryParams.put("subject", subject);
- if (clientId != null) {
- queryParams.put("client", clientId);
- }
- if (all != null) {
- queryParams.put("all", all.toString());
- }
-
- OAuth.revokeAllConsentSessions(main, appIdentifier, storage, subject, clientId);
-
- if (Boolean.TRUE.equals(all)) {
- HttpRequestForOry.Response response = OAuthProxyHelper.proxyJsonDELETE(
- main, req, resp,
- appIdentifier,
- storage,
- null, // clientIdToCheck
- "/oauth2/revoke", // proxyPath
- true, // proxyToAdmin
- true, // camelToSnakeCaseConversion
- queryParams, // queryParams
- new JsonObject(), // jsonInput
- new HashMap<>() // headers
- );
- if (response != null) {
- response.jsonResponse.getAsJsonObject().addProperty("status", "OK");
- super.sendJsonResponse(200, response.jsonResponse, resp);
- }
- return;
- }
-
- JsonObject response = new JsonObject();
- response.addProperty("status", "OK");
- super.sendJsonResponse(200, response, resp);
-
- } catch (IOException | TenantOrAppNotFoundException | BadPermissionException | StorageQueryException e) {
- throw new ServletException(e);
- }
- }
-}
diff --git a/src/main/java/io/supertokens/webserver/api/oauth/RevokeOAuthTokensAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/RevokeOAuthTokensAPI.java
new file mode 100644
index 000000000..6aef1c3ef
--- /dev/null
+++ b/src/main/java/io/supertokens/webserver/api/oauth/RevokeOAuthTokensAPI.java
@@ -0,0 +1,70 @@
+package io.supertokens.webserver.api.oauth;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import com.google.gson.JsonObject;
+
+import io.supertokens.Main;
+import io.supertokens.multitenancy.exception.BadPermissionException;
+import io.supertokens.oauth.HttpRequestForOry;
+import io.supertokens.oauth.OAuth;
+import io.supertokens.pluginInterface.RECIPE_ID;
+import io.supertokens.pluginInterface.Storage;
+import io.supertokens.pluginInterface.exceptions.StorageQueryException;
+import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
+import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
+import io.supertokens.webserver.InputParser;
+import io.supertokens.webserver.WebserverAPI;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+public class RevokeOAuthTokensAPI extends WebserverAPI {
+
+ public RevokeOAuthTokensAPI(Main main){
+ super(main, RECIPE_ID.OAUTH.toString());
+ }
+
+ @Override
+ public String getPath() {
+ return "/recipe/oauth/tokens/revoke";
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException, ServletException {
+ JsonObject input = InputParser.parseJsonObjectOrThrowError(req);
+ String clientId = InputParser.parseStringOrThrowError(input, "client_id", false);
+
+ try {
+ AppIdentifier appIdentifier = getAppIdentifier(req);
+ Storage storage = enforcePublicTenantAndGetPublicTenantStorage(req);
+
+ OAuth.revokeTokensForClientId(main, appIdentifier, storage, clientId);
+
+ Map queryParams = new HashMap<>();
+ queryParams.put("client_id", clientId);
+
+ HttpRequestForOry.Response response = OAuthProxyHelper.proxyJsonDELETE(
+ main, req, resp,
+ appIdentifier,
+ storage,
+ null, // clientIdToCheck
+ "/admin/oauth2/tokens", // proxyPath
+ true, // proxyToAdmin
+ false, // camelToSnakeCaseConversion
+ queryParams, // queryParams
+ new JsonObject(), // jsonInput
+ new HashMap<>() // headers
+ );
+
+ if (response != null) {
+ response.jsonResponse.getAsJsonObject().addProperty("status", "OK");
+ super.sendJsonResponse(200, response.jsonResponse, resp);
+ }
+ } catch (IOException | TenantOrAppNotFoundException | BadPermissionException | StorageQueryException e) {
+ throw new ServletException(e);
+ }
+ }
+}
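Review bot: `Map queryParams = new HashMap<>();` in doPost is a raw type; declare it as `Map<String, String> queryParams = new HashMap<>();` so the `put("client_id", clientId)` call is type-checked rather than accepting any key and value. The local `OAuth.revokeTokensForClientId` call runs before the proxied DELETE to `/admin/oauth2/tokens`, so if the upstream call fails the core has already recorded the client as revoked while the tokens still exist upstream; that ordering looks like the deliberate fail-closed choice, and a one-line comment such as `// Revoke in core first so a failed upstream delete cannot leave tokens accepted locally` would record that intent for the next reader. When `proxyJsonDELETE` returns null nothing is written by this method, which presumably means the helper has already sent the error response; worth confirming in OAuthProxyHelper, since a silent 200-less return would otherwise look like a hung request to the caller.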