forked from jmug/stoatchat
chore: migrate authifier into codebase (#658)
Co-authored-by: izzy <me@insrt.uk> Signed-off-by: Zomatree <me@zomatree.live> Signed-off-by: izzy <me@insrt.uk>
This commit is contained in:
196
crates/delta/src/routes/session/revoke_all.rs
Normal file
196
crates/delta/src/routes/session/revoke_all.rs
Normal file
@@ -0,0 +1,196 @@
|
||||
//! Revoke all sessions
|
||||
//! DELETE /session/all
|
||||
use revolt_database::{Account, Database, Session, ValidatedTicket};
|
||||
use revolt_result::Result;
|
||||
use rocket::State;
|
||||
use rocket_empty::EmptyResponse;
|
||||
|
||||
/// # Delete All Sessions
|
||||
///
|
||||
/// Delete all active sessions, optionally including current one.
|
||||
#[openapi(tag = "Session")]
|
||||
#[delete("/all?<revoke_self>")]
|
||||
pub async fn revoke_all(
|
||||
db: &State<Database>,
|
||||
_ticket: ValidatedTicket,
|
||||
session: Session,
|
||||
account: Account,
|
||||
revoke_self: Option<bool>,
|
||||
) -> Result<EmptyResponse> {
|
||||
let ignore = if revoke_self.unwrap_or(false) {
|
||||
None
|
||||
} else {
|
||||
Some(session.id)
|
||||
};
|
||||
|
||||
account
|
||||
.delete_all_sessions(db, ignore)
|
||||
.await
|
||||
.map(|_| EmptyResponse)
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use crate::{rocket, util::test::TestHarness};
|
||||
use revolt_database::{MFATicket, Totp};
|
||||
use rocket::http::{Header, Status};
|
||||
|
||||
#[rocket::async_test]
|
||||
async fn success() {
|
||||
let harness = TestHarness::new().await;
|
||||
let (account, session, _) = harness.new_user().await;
|
||||
|
||||
for i in 1..=3 {
|
||||
account
|
||||
.create_session(&harness.db, format!("session{}", i))
|
||||
.await
|
||||
.unwrap();
|
||||
}
|
||||
|
||||
let ticket = MFATicket::new(account.id.to_string(), true);
|
||||
ticket.save(&harness.db).await.unwrap();
|
||||
|
||||
let res = harness.client
|
||||
.delete("/auth/session/all?revoke_self=true")
|
||||
.header(Header::new("X-Session-Token", session.token))
|
||||
.header(Header::new("X-MFA-Ticket", ticket.token))
|
||||
.dispatch()
|
||||
.await;
|
||||
|
||||
assert_eq!(res.status(), Status::NoContent);
|
||||
assert!(harness.db
|
||||
.fetch_sessions(&session.user_id)
|
||||
.await
|
||||
.unwrap()
|
||||
.is_empty());
|
||||
}
|
||||
|
||||
#[rocket::async_test]
|
||||
async fn success_not_including_self() {
|
||||
let harness = TestHarness::new().await;
|
||||
let (account, session, _) = harness.new_user().await;
|
||||
|
||||
for i in 1..=3 {
|
||||
account
|
||||
.create_session(&harness.db, format!("session{}", i))
|
||||
.await
|
||||
.unwrap();
|
||||
}
|
||||
|
||||
let ticket = MFATicket::new(account.id.to_string(), true);
|
||||
ticket.save(&harness.db).await.unwrap();
|
||||
|
||||
let res = harness.client
|
||||
.delete("/auth/session/all?revoke_self=false")
|
||||
.header(Header::new("X-Session-Token", session.token))
|
||||
.header(Header::new("X-MFA-Ticket", ticket.token))
|
||||
.dispatch()
|
||||
.await;
|
||||
|
||||
assert_eq!(res.status(), Status::NoContent);
|
||||
let sessions = harness.db
|
||||
.fetch_sessions(&session.user_id)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(sessions.len(), 1);
|
||||
assert_eq!(sessions[0].id, session.id);
|
||||
}
|
||||
|
||||
#[rocket::async_test]
|
||||
async fn success_mfa() {
|
||||
let harness = TestHarness::new().await;
|
||||
let (mut account, session, _) = harness.new_user().await;
|
||||
|
||||
let totp = Totp::Enabled {
|
||||
secret: "secret".to_string(),
|
||||
};
|
||||
|
||||
account.mfa.totp_token = totp.clone();
|
||||
account.save(&harness.db).await.unwrap();
|
||||
|
||||
for i in 1..=3 {
|
||||
account
|
||||
.create_session(&harness.db, format!("session{}", i))
|
||||
.await
|
||||
.unwrap();
|
||||
}
|
||||
|
||||
let ticket = MFATicket::new(account.id.to_string(), true);
|
||||
ticket.save(&harness.db).await.unwrap();
|
||||
|
||||
let res = harness.client
|
||||
.delete("/auth/session/all?revoke_self=true")
|
||||
.header(Header::new("X-Session-Token", session.token))
|
||||
.header(Header::new("X-MFA-Ticket", ticket.token))
|
||||
.dispatch()
|
||||
.await;
|
||||
|
||||
assert_eq!(res.status(), Status::NoContent);
|
||||
assert!(harness.db
|
||||
.fetch_sessions(&session.user_id)
|
||||
.await
|
||||
.unwrap()
|
||||
.is_empty());
|
||||
}
|
||||
|
||||
#[rocket::async_test]
|
||||
async fn success_not_including_self_mfa() {
|
||||
let harness = TestHarness::new().await;
|
||||
let (mut account, session, _) = harness.new_user().await;
|
||||
|
||||
let totp = Totp::Enabled {
|
||||
secret: "secret".to_string(),
|
||||
};
|
||||
|
||||
account.mfa.totp_token = totp.clone();
|
||||
account.save(&harness.db).await.unwrap();
|
||||
|
||||
for i in 1..=3 {
|
||||
account
|
||||
.create_session(&harness.db, format!("session{}", i))
|
||||
.await
|
||||
.unwrap();
|
||||
}
|
||||
|
||||
let ticket = MFATicket::new(account.id.to_string(), true);
|
||||
ticket.save(&harness.db).await.unwrap();
|
||||
|
||||
let res = harness.client
|
||||
.delete("/auth/session/all?revoke_self=false")
|
||||
.header(Header::new("X-Session-Token", session.token))
|
||||
.header(Header::new("X-MFA-Ticket", ticket.token))
|
||||
.dispatch()
|
||||
.await;
|
||||
|
||||
assert_eq!(res.status(), Status::NoContent);
|
||||
let sessions = harness.db
|
||||
.fetch_sessions(&session.user_id)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(sessions.len(), 1);
|
||||
assert_eq!(sessions[0].id, session.id);
|
||||
}
|
||||
|
||||
#[rocket::async_test]
|
||||
async fn fail_mfa() {
|
||||
let harness = TestHarness::new().await;
|
||||
let (mut account, session, _) = harness.new_user().await;
|
||||
|
||||
let totp = Totp::Enabled {
|
||||
secret: "secret".to_string(),
|
||||
};
|
||||
|
||||
account.mfa.totp_token = totp.clone();
|
||||
account.save(&harness.db).await.unwrap();
|
||||
|
||||
let res = harness.client
|
||||
.delete("/auth/session/all")
|
||||
.header(Header::new("X-Session-Token", session.token))
|
||||
.dispatch()
|
||||
.await;
|
||||
|
||||
assert_eq!(res.status(), Status::Unauthorized);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user