Add ability to delete a token (#4235)
Fix #4234
techknowlogick authored Jul 7, 2018
1 parent 1675fc4 commit ab55ca7
Showing 7 changed files with 138 additions and 1 deletion.
2 changes: 1 addition & 1 deletion Gopkg.lock


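--- a/integrations/api_token_test.go
+++ b/integrations/api_token_test.go
@@ -0,0 +1,50 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+"net/http"
+"testing"
+
+"code.gitea.io/gitea/models"
+api "code.gitea.io/sdk/gitea"
+)
+
+// TestAPICreateAndDeleteToken tests that token that was just created can be deleted
+func TestAPICreateAndDeleteToken(t *testing.T) {
+prepareTestEnv(t)
+user := models.AssertExistsAndLoadBean(t, &models.User{ID: 1}).(*models.User)
+
+req := NewRequestWithJSON(t, "POST", "/api/v1/users/user1/tokens", map[string]string{
+"name": "test-key-1",
+})
+req = AddBasicAuthHeader(req, user.Name)
+resp := MakeRequest(t, req, http.StatusCreated)
+
+var newAccessToken api.AccessToken
+DecodeJSON(t, resp, &newAccessToken)
+models.AssertExistsAndLoadBean(t, &models.AccessToken{
+ID: newAccessToken.ID,
+Name: newAccessToken.Name,
+Sha1: newAccessToken.Sha1,
+UID: user.ID,
+})
+
+req = NewRequestf(t, "DELETE", "/api/v1/users/user1/tokens/%d", newAccessToken.ID)
+req = AddBasicAuthHeader(req, user.Name)
+MakeRequest(t, req, http.StatusNoContent)
+
+models.AssertNotExistsBean(t, &models.AccessToken{ID: newAccessToken.ID})
+}
+
+// TestAPIDeleteMissingToken ensures that error is thrown when token not found
+func TestAPIDeleteMissingToken(t *testing.T) {
+prepareTestEnv(t)
+user := models.AssertExistsAndLoadBean(t, &models.User{ID: 1}).(*models.User)
+
+req := NewRequestf(t, "DELETE", "/api/v1/users/user1/tokens/%d", models.NonexistentID)
+req = AddBasicAuthHeader(req, user.Name)
+MakeRequest(t, req, http.StatusNotFound)
+}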
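Review bot: Neither test covers the authorization boundary: nothing checks that a token survives a DELETE sent by an account other than its owner. Both tests authenticate as the owner of `user1`, so a regression that dropped the owner check in the delete path would still pass. A third test that creates the token as user1, repeats the DELETE with a second fixture user's basic auth, and then asserts the row still exists would pin that behaviour. The expected 404 below assumes the model lookup is keyed on the caller's UID, which this file does not show, and the second user's ID is an assumption about the fixture set.

```go
// TestAPIDeleteTokenOfOtherUser ensures a token is not deleted by a user who does not own it
func TestAPIDeleteTokenOfOtherUser(t *testing.T) {
	prepareTestEnv(t)
	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: 1}).(*models.User)
	// assumes the fixtures hold a second user with ID 2 sharing the test password; adjust to the fixture set
	other := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)

	req := NewRequestWithJSON(t, "POST", "/api/v1/users/user1/tokens", map[string]string{
		"name": "test-key-2",
	})
	req = AddBasicAuthHeader(req, owner.Name)
	resp := MakeRequest(t, req, http.StatusCreated)

	var token api.AccessToken
	DecodeJSON(t, resp, &token)

	// same URL, different caller: the token must not be removed
	req = NewRequestf(t, "DELETE", "/api/v1/users/user1/tokens/%d", token.ID)
	req = AddBasicAuthHeader(req, other.Name)
	MakeRequest(t, req, http.StatusNotFound)

	models.AssertExistsAndLoadBean(t, &models.AccessToken{ID: token.ID, UID: owner.ID})
}
```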
5 changes: 5 additions & 0 deletions integrations/integration_test.go
Expand Up @@ -256,6 +256,11 @@ func NewRequestWithBody(t testing.TB, method, urlStr string, body io.Reader) *ht
return request
}

func AddBasicAuthHeader(request *http.Request, username string) *http.Request {
request.SetBasicAuth(username, userPassword)
return request
}

const NoExpectedStatus = -1

func MakeRequest(t testing.TB, req *http.Request, expectedStatus int) *httptest.ResponseRecorder {
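Review bot: `AddBasicAuthHeader` is exported without a doc comment, and the password it sends is not a parameter: it comes from `userPassword`, which is declared outside this hunk. A comment such as `// AddBasicAuthHeader sets basic-auth credentials for username using the shared test password userPassword and returns the same request.` would make it clear that every fixture user is assumed to share that password and that the request is modified in place. The hunk ends inside `MakeRequest`, which is unchanged context.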
37 changes: 37 additions & 0 deletions public/swagger.v1.json
Expand Up @@ -5441,6 +5441,39 @@
}
}
},
"/users/{username}/tokens/{token}": {
"delete": {
"produces": [
"application/json"
],
"tags": [
"user"
],
"summary": "delete an access token",
"operationId": "userDeleteAccessToken",
"parameters": [
{
"type": "string",
"description": "username of user",
"name": "username",
"in": "path",
"required": true
},
{
"type": "integer",
"description": "token to be deleted",
"name": "token",
"in": "path",
"required": true
}
],
"responses": {
"204": {
"$ref": "#/responses/empty"
}
}
}
},
"/version": {
"get": {
"produces": [
Expand Down Expand Up @@ -7479,6 +7512,10 @@
"AccessToken": {
"description": "AccessToken represents a API access token.",
"headers": {
"id": {
"type": "integer",
"format": "int64"
},
"name": {
"type": "string"
},
1 change: 1 addition & 0 deletions routers/api/v1/api.go
Expand Up @@ -302,6 +302,7 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Group("/tokens", func() {
m.Combo("").Get(user.ListAccessTokens).
Post(bind(api.CreateAccessTokenOption{}), user.CreateAccessToken)
m.Combo("/:id").Delete(user.DeleteAccessToken)
}, reqBasicAuth())
})
})
37 changes: 37 additions & 0 deletions routers/api/v1/user/app.go
@@ -1,4 +1,5 @@
// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2018 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

Expand Down Expand Up @@ -36,6 +37,7 @@ func ListAccessTokens(ctx *context.APIContext) {
apiTokens := make([]*api.AccessToken, len(tokens))
for i := range tokens {
apiTokens[i] = &api.AccessToken{
ID: tokens[i].ID,
Name: tokens[i].Name,
Sha1: tokens[i].Sha1,
}
Expand Down Expand Up @@ -72,5 +74,40 @@ func CreateAccessToken(ctx *context.APIContext, form api.CreateAccessTokenOption
ctx.JSON(201, &api.AccessToken{
Name: t.Name,
Sha1: t.Sha1,
ID: t.ID,
})
}

// DeleteAccessToken delete access tokens
func DeleteAccessToken(ctx *context.APIContext) {
// swagger:operation DELETE /users/{username}/tokens/{token} user userDeleteAccessToken
// ---
// summary: delete an access token
// produces:
// - application/json
// parameters:
// - name: username
// in: path
// description: username of user
// type: string
// required: true
// - name: token
// in: path
// description: token to be deleted
// type: integer
// required: true
// responses:
// "204":
// "$ref": "#/responses/empty"
tokenID := ctx.ParamsInt64(":id")
if err := models.DeleteAccessTokenByID(tokenID, ctx.User.ID); err != nil {
if models.IsErrAccessTokenNotExist(err) {
ctx.Status(404)
} else {
ctx.Error(500, "DeleteAccessTokenByID", err)
}
return
}

ctx.Status(204)
}
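Review bot: `DeleteAccessToken` never reads the `{username}` path segment; the delete is scoped by `ctx.User.ID` alone, so the authenticated caller, not the URL, decides whose token is removed. That is the safer choice, but it should be stated above the `DeleteAccessTokenByID` call, e.g. `// Scoped to the authenticated user; the :username path segment is not consulted here.`, unless middleware outside this hunk already ties the two together. The swagger block also lists only the `204` response although the handler returns 404 and 500, and it names the path parameter `token` while the code reads `:id`. Adding a 404 entry and describing the parameter as the token's numeric id would keep the generated spec in line with the behaviour. The doc comment would read better as `// DeleteAccessToken deletes an access token owned by the authenticated user.`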
7 changes: 7 additions & 0 deletions vendor/code.gitea.io/sdk/gitea/user_app.go

