Complete token api implementation

Nat 2023-06-14 10:12:28 -07:00
parent 9657ab818c
commit 3d154897a7
Signed by: nat
GPG Key ID: B53AB05285D710D6
2 changed files with 27 additions and 8 deletions


@ -62,8 +62,7 @@ defmodule HostasWeb.Auth.TokenController do
""" """
def revoke(conn, %{"id" => id_param}) do def revoke(conn, %{"id" => id_param}) do
with {:parsed_id, {id, ""}} <- {:parsed_id, Integer.parse(id_param, 10)}, with {:parsed_id, {id, ""}} <- {:parsed_id, Integer.parse(id_param, 10)},
{:ok, token} <- fetch_token(id, conn), {:ok, token} <- fetch_token(id, conn) do
{:can_access, true} <- {:can_access, token.denizen_id == conn.assigns[:denizen].id} do
Repo.delete_all(from t in Token, where: t.id == ^token.id) Repo.delete_all(from t in Token, where: t.id == ^token.id)
conn conn
@ -80,8 +79,22 @@ defmodule HostasWeb.Auth.TokenController do
Deletes the token the requester used in the `Bearing` header Deletes the token the requester used in the `Bearing` header
and responds with a new one if the old one was valid and unexpired and responds with a new one if the old one was valid and unexpired
""" """
def renew(_conn, _params) do def renew(conn, %{"id" => id_param}) do
:ok with {:parsed_id, {id, ""}} <- {:parsed_id, Integer.parse(id_param, 10)},
{:ok, token} <- fetch_token(id, conn) do
Repo.delete_all(from t in Token, where: t.id == ^token.id)
{:ok, new_token} = Token.new(conn.assigns[:denizen].id)
conn
|> put_status(201)
|> json(Map.take(new_token, [:token, :expires]))
else
_ ->
conn
|> put_status(404)
|> json(%{"error" => "Token not found"})
end
end end
defp fetch_token(id, conn) do defp fetch_token(id, conn) do
@ -90,7 +103,13 @@ defmodule HostasWeb.Auth.TokenController do
else else
case Repo.one(from t in Token, where: t.id == ^id) do case Repo.one(from t in Token, where: t.id == ^id) do
nil -> {:error, :token_not_found} nil -> {:error, :token_not_found}
token -> {:ok, token} token ->
# If the denizen doesn't own it, we lie about its existence
if token.denizen_id == conn.assigns[:denizen].id do
{:ok, token}
else
{:error, :token_not_found}
end
end end
end end
end end
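Review bot: In `renew`, the old token is deleted before `{:ok, new_token} = Token.new(...)` runs and the two steps are not in one transaction, so if `Token.new` returns anything other than `{:ok, _}` the request raises after the caller's token is already gone and no replacement was issued. Running both steps inside `Repo.transaction/1`, as below, lets the raise roll the delete back; this assumes `Token.new` writes through the same `Repo`, which the hunk does not show. Separately, the docstring kept above `renew` says it replaces the token sent in the header when that token is valid and unexpired, while the new code rotates whichever owned token the `id` path parameter names, and no expiry check is visible here. `fetch_token` starts outside the hunk, so either confirm the expiry check lives there or update the docstring to match.

```elixir
with {:parsed_id, {id, ""}} <- {:parsed_id, Integer.parse(id_param, 10)},
     {:ok, token} <- fetch_token(id, conn) do
  # Delete and re-issue atomically: a raise inside the function rolls back the delete.
  {:ok, new_token} =
    Repo.transaction(fn ->
      Repo.delete_all(from t in Token, where: t.id == ^token.id)
      {:ok, created} = Token.new(conn.assigns[:denizen].id)
      created
    end)

  # … unchanged: 201 response with :token and :expires, and the 404 else branch …
```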


@ -117,10 +117,10 @@ defmodule HostasWeb.Auth.TokenControllerTest do
conn = conn =
conn conn
|> put_req_header("authorization", "Bearer #{struct.token}") |> put_req_header("authorization", "Bearer #{struct.token}")
|> get(~p"/hostapi/auth/token/${struct.id}/renew") |> get(~p"/hostapi/auth/token/#{struct.id}/renew")
assert Map.has_key?(json_response(conn, 200), "token") assert Map.has_key?(json_response(conn, 201), "token")
assert Map.has_key?(json_response(conn, 200), "expires") assert Map.has_key?(json_response(conn, 201), "expires")
assert not Repo.exists?(from t in Token, where: t.id == ^struct.id) assert not Repo.exists?(from t in Token, where: t.id == ^struct.id)
end end
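Review bot: The renew request on the changed line is sent with `get`, so the endpoint deletes one credential and mints another in response to a GET, which clients, proxies and retry logic are entitled to treat as safe to repeat. The router is not part of this page, but if the route can be changed the test would become `|> post(~p"/hostapi/auth/token/#{struct.id}/renew")`. This hunk also covers only the happy path. Since the ownership check moved into `fetch_token` and `renew` now relies on it, a case asserting that another denizen's token id yields 404 and leaves the row in place would pin that behaviour, unless one already exists outside the hunk. The test function itself begins outside the hunk.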