From 18517d2eb911d2df5c585fcb205a621edb272495 Mon Sep 17 00:00:00 2001 From: Ronald Date: Tue, 26 Sep 2023 10:05:43 +0200 Subject: [PATCH] Add revokeAccessTokenBySecret --- docs/guides/api_tokens.md | 3 ++- docs/references/authentication/tokens.md | 6 ++++++ src/Authentication/Traits/HasAccessTokens.php | 11 +++++++++++ src/Models/UserIdentityModel.php | 15 +++++++++++++++ tests/Authentication/HasAccessTokensTest.php | 11 +++++++++++ 5 files changed, 45 insertions(+), 1 deletion(-) diff --git a/docs/guides/api_tokens.md b/docs/guides/api_tokens.md index c3d6cc0f8..638b7595e 100644 --- a/docs/guides/api_tokens.md +++ b/docs/guides/api_tokens.md @@ -47,10 +47,11 @@ if ($user->tokenCan('users-read')) { ### Revoking Tokens -Tokens can be revoked by deleting them from the database with the `revokeAccessToken($rawToken)` or `revokeAllAccessTokens()` methods. +Tokens can be revoked by deleting them from the database with the `revokeAccessToken($rawToken)`, `revokeAccessTokenBySecret($secret)` or `revokeAllAccessTokens()` methods. ```php $user->revokeAccessToken($rawToken); +$user->revokeAccessTokenBySecret($secret); $user->revokeAllAccessTokens(); ``` diff --git a/docs/references/authentication/tokens.md b/docs/references/authentication/tokens.md index 9e50c9320..b97cb6769 100644 --- a/docs/references/authentication/tokens.md +++ b/docs/references/authentication/tokens.md @@ -56,6 +56,12 @@ Typically, the plain text token is retrieved from the request's headers as part process. If you need to revoke the token for another user as an admin, and don't have access to the token, you would need to get the user's access tokens and delete them manually. +If you don't have the raw token usable to remove the token there is the possibility to remove it using the tokens secret thats stored in the database. It's possible to get a list of all tokens with there secret using the `accessTokens()` function. + +```php +$user->revokeAccessTokenBySecret($secret); +``` + You can revoke all access tokens with the `revokeAllAccessTokens()` method. ```php diff --git a/src/Authentication/Traits/HasAccessTokens.php b/src/Authentication/Traits/HasAccessTokens.php index 389fe9576..e19aecaa2 100644 --- a/src/Authentication/Traits/HasAccessTokens.php +++ b/src/Authentication/Traits/HasAccessTokens.php @@ -47,6 +47,17 @@ public function revokeAccessToken(string $rawToken): void $identityModel->revokeAccessToken($this, $rawToken); } + /** + * Delete any access tokens for the given secret token. + */ + public function revokeAccessTokenBySecret(string $secretToken): void + { + /** @var UserIdentityModel $identityModel */ + $identityModel = model(UserIdentityModel::class); + + $identityModel->revokeAccessTokenBySecret($this, $secretToken); + } + /** * Revokes all access tokens for this user. */ diff --git a/src/Models/UserIdentityModel.php b/src/Models/UserIdentityModel.php index 45c5ee4f3..b91c48712 100644 --- a/src/Models/UserIdentityModel.php +++ b/src/Models/UserIdentityModel.php @@ -456,6 +456,21 @@ public function revokeAccessToken(User $user, string $rawToken): void $this->checkQueryReturn($return); } + /** + * Delete any access tokens for the given secret token. + */ + public function revokeAccessTokenBySecret(User $user, string $secretToken): void + { + $this->checkUserId($user); + + $return = $this->where('user_id', $user->id) + ->where('type', AccessTokens::ID_TYPE_ACCESS_TOKEN) + ->where('secret', $secretToken) + ->delete(); + + $this->checkQueryReturn($return); + } + /** * Revokes all access tokens for this user. */ diff --git a/tests/Authentication/HasAccessTokensTest.php b/tests/Authentication/HasAccessTokensTest.php index 302e99906..9612b8136 100644 --- a/tests/Authentication/HasAccessTokensTest.php +++ b/tests/Authentication/HasAccessTokensTest.php @@ -101,6 +101,17 @@ public function testRevokeAccessToken(): void $this->assertCount(0, $this->user->accessTokens()); } + public function testRevokeAccessTokenBySecret(): void + { + $token = $this->user->generateAccessToken('foo'); + + $this->assertCount(1, $this->user->accessTokens()); + + $this->user->revokeAccessTokenBySecret($token->secret); + + $this->assertCount(0, $this->user->accessTokens()); + } + public function testRevokeAllAccessTokens(): void { $this->user->generateAccessToken('foo');