From 35db87fed371b30347d53ebf46cccc25f5f222f7 Mon Sep 17 00:00:00 2001 From: Ronald Date: Sat, 16 Sep 2023 16:43:01 +0200 Subject: [PATCH] Added revokeAccessTokenBySecret --- docs/authentication.md | 6 ++++++ docs/guides/api_tokens.md | 3 ++- src/Authentication/Traits/HasAccessTokens.php | 11 +++++++++++ src/Models/UserIdentityModel.php | 15 +++++++++++++++ tests/Authentication/HasAccessTokensTest.php | 11 +++++++++++ 5 files changed, 45 insertions(+), 1 deletion(-) diff --git a/docs/authentication.md b/docs/authentication.md index 3b177d3dc..38c7800ad 100644 --- a/docs/authentication.md +++ b/docs/authentication.md @@ -240,6 +240,12 @@ Typically, the plain text token is retrieved from the request's headers as part process. If you need to revoke the token for another user as an admin, and don't have access to the token, you would need to get the user's access tokens and delete them manually. +If you dont have the raw token usable to remove the token there is the possibility to remove it using the tokens secret thats stored in the database. It's possible to get a list of all tokens with there secret using the `accessTokens()` function. + +```php +$user->revokeAccessTokenBySecret($secret); +``` + You can revoke all access tokens with the `revokeAllAccessTokens()` method. ```php diff --git a/docs/guides/api_tokens.md b/docs/guides/api_tokens.md index ed9dee901..4ed1103c9 100644 --- a/docs/guides/api_tokens.md +++ b/docs/guides/api_tokens.md @@ -46,10 +46,11 @@ if ($user->tokenCan('users-read')) { ### Revoking Tokens -Tokens can be revoked by deleting them from the database with the `revokeAccessToken($rawToken)` or `revokeAllAccessTokens()` methods. +Tokens can be revoked by deleting them from the database with the `revokeAccessToken($rawToken)`, `revokeAccessTokenBySecret($secret)` or `revokeAllAccessTokens()` methods. ```php $user->revokeAccessToken($rawToken); +$user->revokeAccessTokenBySecret($secret); $user->revokeAllAccessTokens(); ``` diff --git a/src/Authentication/Traits/HasAccessTokens.php b/src/Authentication/Traits/HasAccessTokens.php index 389fe9576..e19aecaa2 100644 --- a/src/Authentication/Traits/HasAccessTokens.php +++ b/src/Authentication/Traits/HasAccessTokens.php @@ -47,6 +47,17 @@ public function revokeAccessToken(string $rawToken): void $identityModel->revokeAccessToken($this, $rawToken); } + /** + * Delete any access tokens for the given secret token. + */ + public function revokeAccessTokenBySecret(string $secretToken): void + { + /** @var UserIdentityModel $identityModel */ + $identityModel = model(UserIdentityModel::class); + + $identityModel->revokeAccessTokenBySecret($this, $secretToken); + } + /** * Revokes all access tokens for this user. */ diff --git a/src/Models/UserIdentityModel.php b/src/Models/UserIdentityModel.php index ee19be499..03610a01a 100644 --- a/src/Models/UserIdentityModel.php +++ b/src/Models/UserIdentityModel.php @@ -319,6 +319,21 @@ public function revokeAccessToken(User $user, string $rawToken): void $this->checkQueryReturn($return); } + /** + * Delete any access tokens for the given secret token. + */ + public function revokeAccessTokenBySecret(User $user, string $secretToken): void + { + $this->checkUserId($user); + + $return = $this->where('user_id', $user->id) + ->where('type', AccessTokens::ID_TYPE_ACCESS_TOKEN) + ->where('secret', $secretToken) + ->delete(); + + $this->checkQueryReturn($return); + } + /** * Revokes all access tokens for this user. */ diff --git a/tests/Authentication/HasAccessTokensTest.php b/tests/Authentication/HasAccessTokensTest.php index 302e99906..9612b8136 100644 --- a/tests/Authentication/HasAccessTokensTest.php +++ b/tests/Authentication/HasAccessTokensTest.php @@ -101,6 +101,17 @@ public function testRevokeAccessToken(): void $this->assertCount(0, $this->user->accessTokens()); } + public function testRevokeAccessTokenBySecret(): void + { + $token = $this->user->generateAccessToken('foo'); + + $this->assertCount(1, $this->user->accessTokens()); + + $this->user->revokeAccessTokenBySecret($token->secret); + + $this->assertCount(0, $this->user->accessTokens()); + } + public function testRevokeAllAccessTokens(): void { $this->user->generateAccessToken('foo');