Session-based OAuth auth fixes (token expiration check), refactoring, tweaks.

[akkoma] / lib / pleroma / web / o_auth / o_auth_controller.ex

diff --git a/lib/pleroma/web/o_auth/o_auth_controller.ex b/lib/pleroma/web/o_auth/o_auth_controller.ex
index d2f9d1cebf379c941df3dfffe46d6b2f19215ac9..83a25907d7f2b5bf2ee77ebc4d995591626960d6 100644 (file)
--- a/lib/pleroma/web/o_auth/o_auth_controller.ex
+++ b/lib/pleroma/web/o_auth/o_auth_controller.ex
@@ -363,7 +363,15 @@ defmodule Pleroma.Web.OAuth.OAuthController do
 
   def token_revoke(%Plug.Conn{} = conn, %{"token" => _token} = params) do
     with {:ok, app} <- Token.Utils.fetch_app(conn),
-         {:ok, _token} <- RevokeToken.revoke(app, params) do
+         {:ok, %Token{} = oauth_token} <- RevokeToken.revoke(app, params) do
+      conn =
+        with session_token = get_session(conn, :oauth_token),
+             %Token{token: ^session_token} <- oauth_token do
+          delete_session(conn, :oauth_token)
+        else
+          _ -> conn
+        end
+
       json(conn, %{})
     else
       _error ->