Ensure push subscription is immediately removed when application is revoked (#7548)
* Ensure push subscription is immediately removed when application is revoked * When token is revoked from app, unsubscribe tooth-downstream
parent
bc20c2cd3a
commit
7eaa12c83a
@ -0,0 +1,14 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
class Oauth::TokensController < Doorkeeper::TokensController
|
||||
def revoke
|
||||
unsubscribe_for_token if authorized? && token.accessible?
|
||||
super
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def unsubscribe_for_token
|
||||
Web::PushSubscription.where(access_token_id: token.id).delete_all
|
||||
end
|
||||
end
|
@ -0,0 +1,23 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
RSpec.describe Oauth::TokensController, type: :controller do
|
||||
describe 'POST #revoke' do
|
||||
let!(:user) { Fabricate(:user) }
|
||||
let!(:access_token) { Fabricate(:accessible_access_token, resource_owner_id: user.id) }
|
||||
let!(:web_push_subscription) { Fabricate(:web_push_subscription, user: user, access_token: access_token) }
|
||||
|
||||
before do
|
||||
post :revoke, params: { token: access_token.token }
|
||||
end
|
||||
|
||||
it 'revokes the token' do
|
||||
expect(access_token.reload.revoked_at).to_not be_nil
|
||||
end
|
||||
|
||||
it 'removes web push subscription for token' do
|
||||
expect(Web::PushSubscription.where(access_token: access_token).count).to eq 0
|
||||
end
|
||||
end
|
||||
end
|
@ -1,3 +1,2 @@
|
||||
Fabricator('Web::Setting') do
|
||||
|
||||
Fabricator(:web_setting, from: Web::Setting) do
|
||||
end
|
||||
|
Loading…
Reference in new issue