From 84d84e4ca49c02180828d65d95b841953ed04ef0 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Martin=20K=C3=BChl?= <martin.kuehl@gmail.com>
Date: Wed, 29 Aug 2018 01:25:40 +0200
Subject: [PATCH] OAuth: Support /revoke endpoint for revoking tokens

(for compatibility with Mastodon)
---
 lib/pleroma/web/oauth/oauth_controller.ex | 12 ++++++++++++
 lib/pleroma/web/router.ex                 |  1 +
 2 files changed, 13 insertions(+)

diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex
index 934171585..160cedd8e 100644
--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@@ -118,6 +118,18 @@ defmodule Pleroma.Web.OAuth.OAuthController do
     token_exchange(conn, params)
   end
 
+  def token_revoke(conn, %{"token" => token} = params) do
+    with %App{} = app <- get_app_from_request(conn, params),
+         %Token{} = token <- Repo.get_by(Token, token: token, app_id: app.id),
+         {:ok, %Token{}} <- Repo.delete(token) do
+      json(conn, %{})
+    else
+      _error ->
+        # RFC 7009: invalid tokens [in the request] do not cause an error response
+        json(conn, %{})
+    end
+  end
+
   defp fix_padding(token) do
     token
     |> Base.url_decode64!(padding: false)
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 927323794..5f746df31 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -93,6 +93,7 @@ defmodule Pleroma.Web.Router do
     get("/authorize", OAuthController, :authorize)
     post("/authorize", OAuthController, :create_authorization)
     post("/token", OAuthController, :token_exchange)
+    post("/revoke", OAuthController, :token_revoke)
   end
 
   scope "/api/v1", Pleroma.Web.MastodonAPI do
-- 
2.49.0