import Ecto.{Changeset, Query}
alias Pleroma.{Repo, User, Object, Web, Activity, Notification}
alias Comeonin.Pbkdf2
- alias Pleroma.Web.{OStatus, Websub}
+ alias Pleroma.Web.{OStatus, Websub, OAuth}
alias Pleroma.Web.ActivityPub.{Utils, ActivityPub}
schema "users" do
|> validate_required([:password, :password_confirmation])
|> validate_confirmation(:password)
+ OAuth.Token.delete_user_tokens(struct)
+ OAuth.Authorization.delete_user_authorizations(struct)
+
if changeset.valid? do
hashed = Pbkdf2.hashpwsalt(changeset.changes[:password])
alias Pleroma.{User, Repo}
alias Pleroma.Web.OAuth.{Authorization, App}
- import Ecto.{Changeset}
+ import Ecto.{Changeset, Query}
schema "oauth_authorizations" do
field(:token, :string)
end
def use_token(%Authorization{used: true}), do: {:error, "already used"}
+
+ def delete_user_authorizations(%User{id: user_id}) do
+ from(
+ a in Pleroma.Web.OAuth.Authorization,
+ where: a.user_id == ^user_id
+ )
+ |> Repo.delete_all()
+ end
end
defmodule Pleroma.Web.OAuth.Token do
use Ecto.Schema
+ import Ecto.Query
+
alias Pleroma.{User, Repo}
alias Pleroma.Web.OAuth.{Token, App, Authorization}
Repo.insert(token)
end
+
+ def delete_user_tokens(%User{id: user_id}) do
+ from(
+ t in Pleroma.Web.OAuth.Token,
+ where: t.user_id == ^user_id
+ )
+ |> Repo.delete_all()
+ end
end
assert {:error, "token expired"} == Authorization.use_token(expired_auth)
end
+
+ test "delete authorizations" do
+ {:ok, app} =
+ Repo.insert(
+ App.register_changeset(%App{}, %{
+ client_name: "client",
+ scopes: "scope",
+ redirect_uris: "url"
+ })
+ )
+
+ user = insert(:user)
+
+ {:ok, auth} = Authorization.create_authorization(app, user)
+ {:ok, auth} = Authorization.use_token(auth)
+
+ {auths, _} = Authorization.delete_user_authorizations(user)
+
+ {_, invalid} = Authorization.use_token(auth)
+
+ assert auth != invalid
+ end
end
auth = Repo.get(Authorization, auth.id)
{:error, "already used"} = Token.exchange_token(app, auth)
end
+
+ test "deletes all tokens of a user" do
+ {:ok, app1} =
+ Repo.insert(
+ App.register_changeset(%App{}, %{
+ client_name: "client1",
+ scopes: "scope",
+ redirect_uris: "url"
+ })
+ )
+
+ {:ok, app2} =
+ Repo.insert(
+ App.register_changeset(%App{}, %{
+ client_name: "client2",
+ scopes: "scope",
+ redirect_uris: "url"
+ })
+ )
+
+ user = insert(:user)
+
+ {:ok, auth1} = Authorization.create_authorization(app1, user)
+ {:ok, auth2} = Authorization.create_authorization(app2, user)
+
+ {:ok, token1} = Token.exchange_token(app1, auth1)
+ {:ok, token2} = Token.exchange_token(app2, auth2)
+
+ {tokens, _} = Token.delete_user_tokens(user)
+
+ assert tokens == 2
+ end
end
projects / akkoma / commitdiff