From 887234db966dc10e3b6e30262a3c136fe9efbf03 Mon Sep 17 00:00:00 2001 From: tamassoltesz Date: Sat, 26 Oct 2024 00:42:05 +0200 Subject: [PATCH] fix: review fixes --- .../PreparedStatementValueSetter.java | 4 +- .../java/io/supertokens/inmemorydb/Start.java | 44 ++----- .../inmemorydb/queries/OAuthQueries.java | 121 ++++-------------- src/main/java/io/supertokens/oauth/OAuth.java | 39 ++---- .../webserver/api/oauth/OAuthAuthAPI.java | 2 +- .../webserver/api/oauth/OAuthTokenAPI.java | 8 +- .../api/oauth/RevokeOAuthTokenAPI.java | 2 +- .../test/oauth/OAuthStorageTest.java | 26 ++-- .../test/oauth/api/TestRevoke5_2.java | 4 +- 9 files changed, 70 insertions(+), 180 deletions(-) diff --git a/src/main/java/io/supertokens/inmemorydb/PreparedStatementValueSetter.java b/src/main/java/io/supertokens/inmemorydb/PreparedStatementValueSetter.java index 97d84e90c..2a1a7e011 100644 --- a/src/main/java/io/supertokens/inmemorydb/PreparedStatementValueSetter.java +++ b/src/main/java/io/supertokens/inmemorydb/PreparedStatementValueSetter.java @@ -16,8 +16,6 @@ package io.supertokens.inmemorydb; -import io.supertokens.pluginInterface.exceptions.StorageQueryException; - import java.sql.PreparedStatement; import java.sql.SQLException; @@ -26,5 +24,5 @@ public interface PreparedStatementValueSetter { PreparedStatementValueSetter NO_OP_SETTER = pst -> { }; - void setValues(PreparedStatement pst) throws SQLException, StorageQueryException; + void setValues(PreparedStatement pst) throws SQLException; } diff --git a/src/main/java/io/supertokens/inmemorydb/Start.java b/src/main/java/io/supertokens/inmemorydb/Start.java index 60ce867ca..7e2f02283 100644 --- a/src/main/java/io/supertokens/inmemorydb/Start.java +++ b/src/main/java/io/supertokens/inmemorydb/Start.java 
@@ -3196,11 +3196,23 @@ public void deleteOAuthLogoutChallengesBefore(long time) throws StorageQueryExce public void createOrUpdateOAuthSession(AppIdentifier appIdentifier, String gid, String clientId, String externalRefreshToken, String internalRefreshToken, String sessionHandle, List jtis, long exp) - throws StorageQueryException { + throws StorageQueryException, TenantOrAppNotFoundException { try { OAuthQueries.createOrUpdateOAuthSession(this, appIdentifier, gid, clientId, externalRefreshToken, internalRefreshToken, sessionHandle, jtis, exp); } catch (SQLException e) { + if (e instanceof SQLiteException) { + String errorMessage = e.getMessage(); + SQLiteConfig config = Config.getConfig(this); + + if (isForeignKeyConstraintError( + errorMessage, + config.getAppsTable(), + new String[]{"app_id"}, + new Object[]{appIdentifier.getAppId()})) { + throw new TenantOrAppNotFoundException(appIdentifier); + } + } throw new StorageQueryException(e); } } @@ -3215,16 +3227,6 @@ public String getRefreshTokenMapping(AppIdentifier appIdentifier, String externa } } - @Override - public void deleteRefreshTokenMapping(AppIdentifier appIdentifier, String externalRefreshToken) - throws StorageQueryException { - try { - OAuthQueries.deleteRefreshTokenMapping(this, appIdentifier, externalRefreshToken); - } catch (SQLException e) { - throw new StorageQueryException(e); - } - } - @Override public void deleteExpiredOAuthSessions(long exp) throws StorageQueryException { try { 
@@ -3272,16 +3274,6 @@ public int countTotalNumberOfOAuthM2MTokensAlive(AppIdentifier appIdentifier) th } } - @Override - public boolean isOAuthTokenRevokedByClientId(AppIdentifier appIdentifier, String clientId) - throws StorageQueryException { - try { - return !OAuthQueries.isOAuthSessionExistsByClientId(this, appIdentifier, clientId); - } catch (SQLException e) { - throw new StorageQueryException(e); - } - } - @Override public boolean isOAuthTokenRevokedByGID(AppIdentifier appIdentifier, String gid) throws StorageQueryException { try { @@ -3300,14 +3292,4 @@ public boolean isOAuthTokenRevokedByJTI(AppIdentifier appIdentifier, String gid, throw new StorageQueryException(e); } } - - @Override - public boolean isOAuthTokenRevokedBySessionHandle(AppIdentifier appIdentifier, String sessionHandle) - throws StorageQueryException { - try { - return !OAuthQueries.isOAuthSessionExistsBySessionHandle(this, appIdentifier, sessionHandle); - } catch (SQLException e) { - throw new StorageQueryException(e); - } - } } diff --git a/src/main/java/io/supertokens/inmemorydb/queries/OAuthQueries.java b/src/main/java/io/supertokens/inmemorydb/queries/OAuthQueries.java index 28bef9cfd..f68e2efed 100644 --- a/src/main/java/io/supertokens/inmemorydb/queries/OAuthQueries.java +++ b/src/main/java/io/supertokens/inmemorydb/queries/OAuthQueries.java @@ -27,7 +27,9 @@ import java.sql.SQLException; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; +import java.util.stream.Collectors; import static io.supertokens.inmemorydb.QueryExecutorTemplate.execute; import static io.supertokens.inmemorydb.QueryExecutorTemplate.update; 
@@ -151,7 +153,7 @@ public static void createOrUpdateOAuthSession(Start start, AppIdentifier appIden String QUERY = "INSERT INTO " + Config.getConfig(start).getOAuthSessionsTable() + " (gid, client_id, app_id, external_refresh_token, internal_refresh_token, session_handle, jti, exp) VALUES (?, ?, ?, ?, ?, ?, ?, ?) " + "ON CONFLICT (gid) DO UPDATE SET external_refresh_token = ?, internal_refresh_token = ?, " + - "session_handle = ? , jti = ?, exp = ?"; + "session_handle = ? , jti = CONCAT(jti, ',' , ?), exp = ?"; update(start, QUERY, pst -> { String jtiDbValue = jtis == null ? null : String.join(",", jtis); @@ -164,20 +166,11 @@ public static void createOrUpdateOAuthSession(Start start, AppIdentifier appIden pst.setString(7, jtiDbValue); pst.setLong(8, exp); - List alreadySavedJTIs = getOAuthJTIsByGID(start, appIdentifier, gid); - if(alreadySavedJTIs != null) { - if(jtiDbValue != null) { - jtiDbValue += ","; - } - jtiDbValue += String.join(",", alreadySavedJTIs); - } - pst.setString(9, externalRefreshToken); pst.setString(10, internalRefreshToken); pst.setString(11, sessionHandle); pst.setString(12, jtiDbValue); pst.setLong(13, exp); - }); } @@ -233,7 +226,7 @@ public static boolean deleteOAuthClient(Start start, String clientId, AppIdentif public static boolean deleteOAuthSessionByGID(Start start, AppIdentifier appIdentifier, String gid) throws SQLException, StorageQueryException { String DELETE = "DELETE FROM " + Config.getConfig(start).getOAuthSessionsTable() - + " WHERE gid = ? and app_id = ?"; + + " WHERE gid = ? and app_id = ?;"; int numberOfRows = update(start, DELETE, pst -> { pst.setString(1, gid); pst.setString(2, appIdentifier.getAppId()); 
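Review bot: The new ON CONFLICT clause in createOrUpdateOAuthSession depends on `CONCAT(jti, ',', ?)`, which SQLite only provides as a built-in from 3.44.0, so on an older bundled library every upsert of an existing gid fails at runtime rather than at compile time. The portable form is the `||` operator, but note the semantic difference: SQLite's concat() skips NULL arguments while `||` propagates NULL, and both the column and the bound jtiDbValue (parameter 12) can be NULL here, so a direct swap would wipe the stored list; `"session_handle = ? , jti = COALESCE(jti, '') || ',' || COALESCE(?, ''), exp = ?"` keeps the appending behaviour in either case (the leading comma is harmless given the empty-entry filter in isOAuthSessionExistsByJTI). As far as the hunk shows, nothing ever shrinks the column once appended to, so a session that is refreshed repeatedly accumulates jtis and delimiters without bound; worth a comment or a cap if that is intended.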
@@ -244,7 +237,7 @@ public static boolean deleteOAuthSessionByGID(Start start, AppIdentifier appIden public static boolean deleteOAuthSessionByClientId(Start start, AppIdentifier appIdentifier, String clientId) throws SQLException, StorageQueryException { String DELETE = "DELETE FROM " + Config.getConfig(start).getOAuthSessionsTable() - + " WHERE app_id = ? and client_id = ?"; + + " WHERE app_id = ? and client_id = ?;"; int numberOfRows = update(start, DELETE, pst -> { pst.setString(1, appIdentifier.getAppId()); pst.setString(2, clientId); @@ -266,14 +259,15 @@ public static boolean deleteOAuthSessionBySessionHandle(Start start, AppIdentifi public static boolean deleteJTIFromOAuthSession(Start start, AppIdentifier appIdentifier, String gid, String jti) throws SQLException, StorageQueryException { //jti is a comma separated list. When deleting a jti, just have to delete from the list - List savedJTIs = getOAuthJTIsByGID(start, appIdentifier, gid); - List toSaveJTIs = new ArrayList<>(savedJTIs); - boolean deletionHappened = false; - if (toSaveJTIs != null && toSaveJTIs.contains(jti)){ - toSaveJTIs.remove(jti); - deletionHappened = updateOAuthJTIsByGID(start, appIdentifier, gid, toSaveJTIs) > 0; - } - return deletionHappened; + String DELETE = "UPDATE " + Config.getConfig(start).getOAuthSessionsTable() + + " SET jti = REPLACE(jti, ?, '')" // deletion means replacing the jti with empty char + + " WHERE app_id = ? and gid = ?"; + int numberOfRows = update(start, DELETE, pst -> { + pst.setString(1, jti); + pst.setString(2, appIdentifier.getAppId()); + pst.setString(3, gid); + }); + return numberOfRows > 0; } public static int countTotalNumberOfClients(Start start, AppIdentifier appIdentifier, 
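Review bot: `REPLACE(jti, ?, '')` in deleteJTIFromOAuthSession matches the jti as a raw substring rather than as a list element, so a stored jti that happens to contain the one being deleted is corrupted as well, and `numberOfRows > 0` is true whenever the session row exists even if the jti was not in the list, whereas the removed code returned false in that case. A delimiter-aware replacement preserves the list semantics in one line: `" SET jti = TRIM(REPLACE(',' || jti || ',', ',' || ? || ',', ','), ',')"`. Whether any caller relies on the boolean meaning "a jti was actually removed" is not visible here; if it does, the membership check has to come back in some form. The local is named `DELETE` but holds an UPDATE statement, which misleads when scanning the class.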
@@ -415,45 +409,6 @@ public static String getRefreshTokenMapping(Start start, AppIdentifier appIdenti }); } - public static void deleteRefreshTokenMapping(Start start, AppIdentifier appIdentifier, - String externalRefreshToken) throws SQLException, StorageQueryException { - String QUERY = "UPDATE " + Config.getConfig(start).getOAuthSessionsTable() + - " SET external_refresh_token = ?, internal_refresh_token = ?" + - " WHERE app_id = ? AND external_refresh_token = ?"; - update(start, QUERY, pst -> { - pst.setString(1, null); - pst.setString(2, null); - pst.setString(3, appIdentifier.getAppId()); - pst.setString(4, externalRefreshToken); - }); - } - - public static List getOAuthJTIsByGID(Start start, AppIdentifier appIdentifier, String gid) - throws SQLException, StorageQueryException { - String SELECT = "SELECT jti FROM " + Config.getConfig(start).getOAuthSessionsTable() + - " WHERE app_id = ? AND gid = ?"; - return execute(start, SELECT, pst -> { - pst.setString(1, appIdentifier.getAppId()); - pst.setString(2, gid); - }, result -> { - if (result.next()) { - return List.of(result.getString("jti").split(",")); - } - return null; - }); - } - - public static int updateOAuthJTIsByGID(Start start, AppIdentifier appIdentifier, String gid, List jtis) - throws SQLException, StorageQueryException { - String UPDATE = "UPDATE " + Config.getConfig(start).getOAuthSessionsTable() + - " SET jti = ? WHERE app_id = ? AND gid = ?"; - return update(start, UPDATE, pst -> { - pst.setString(1, String.join(",", jtis)); - pst.setString(2, appIdentifier.getAppId()); - pst.setString(3, gid); - }); - } - public static void deleteExpiredOAuthSessions(Start start, long exp) throws SQLException, StorageQueryException { // delete expired M2M tokens String QUERY = "DELETE FROM " + Config.getConfig(start).getOAuthSessionsTable() + 
@@ -468,68 +423,38 @@ public static void deleteExpiredOAuthM2MTokens(Start start, long exp) throws SQL // delete expired M2M tokens String QUERY = "DELETE FROM " + Config.getConfig(start).getOAuthM2MTokensTable() + " WHERE exp < ?"; - update(start, QUERY, pst -> { pst.setLong(1, exp); }); } - public static boolean isOAuthSessionExistsByGID(Start start, AppIdentifier appIdentifier, String gid) + public static boolean isOAuthSessionExistsByJTI(Start start, AppIdentifier appIdentifier, String gid, String jti) throws SQLException, StorageQueryException { - String SELECT = "SELECT count(*) FROM " + Config.getConfig(start).getOAuthSessionsTable() - + " WHERE app_id = ? and gid = ?"; + String SELECT = "SELECT jti FROM " + Config.getConfig(start).getOAuthSessionsTable() + + " WHERE app_id = ? and gid = ?;"; return execute(start, SELECT, pst -> { pst.setString(1, appIdentifier.getAppId()); pst.setString(2, gid); }, result -> { if(result.next()){ - return result.getInt(1) > 0; + List jtis = Arrays.stream(result.getString(1).split(",")).filter(s -> !s.isEmpty()).collect( + Collectors.toList()); + return jtis.contains(jti); } return false; }); } - public static boolean isOAuthSessionExistsByClientId(Start start, AppIdentifier appIdentifier, String clientId) + public static boolean isOAuthSessionExistsByGID(Start start, AppIdentifier appIdentifier, String gid) throws SQLException, StorageQueryException { String SELECT = "SELECT count(*) FROM " + Config.getConfig(start).getOAuthSessionsTable() - + " WHERE app_id = ? 
and client_id = ?"; - return execute(start, SELECT, pst -> { - pst.setString(1, appIdentifier.getAppId()); - pst.setString(2, clientId); - }, result -> { - if(result.next()){ - return result.getInt(1) > 0; - } - return false; - }); - } - - public static boolean isOAuthSessionExistsBySessionHandle(Start start, AppIdentifier appIdentifier, String sessionHandle) - throws SQLException, StorageQueryException { - String SELECT = "SELECT count(*) FROM " + Config.getConfig(start).getOAuthSessionsTable() - + " WHERE app_id = ? and session_handle = ?"; - return execute(start, SELECT, pst -> { - pst.setString(1, appIdentifier.getAppId()); - pst.setString(2, sessionHandle); - }, result -> { - if(result.next()){ - return result.getInt(1) > 0; - } - return false; - }); - } - - public static boolean isOAuthSessionExistsByJTI(Start start, AppIdentifier appIdentifier, String gid, String jti) - throws SQLException, StorageQueryException { - String SELECT = "SELECT jti FROM " + Config.getConfig(start).getOAuthSessionsTable() - + " WHERE app_id = ? and gid = ?"; + + " WHERE app_id = ? and gid = ?;"; return execute(start, SELECT, pst -> { pst.setString(1, appIdentifier.getAppId()); pst.setString(2, gid); }, result -> { if(result.next()){ - List jtis = List.of(result.getString(1).split(",")); - return jtis.contains(jti); + return result.getInt(1) > 0; } return false; }); diff --git a/src/main/java/io/supertokens/oauth/OAuth.java b/src/main/java/io/supertokens/oauth/OAuth.java index deda0ff4f..a6d778a5f 100644 --- a/src/main/java/io/supertokens/oauth/OAuth.java +++ b/src/main/java/io/supertokens/oauth/OAuth.java 
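Review bot: `result.getString(1).split(",")` in isOAuthSessionExistsByJTI throws NullPointerException when the jti column is NULL, which createOrUpdateOAuthSession permits by binding a null jtiDbValue, so the exception escapes the result handler instead of producing a revoked/not-revoked answer. Read the column into a local and treat NULL as no match: `String saved = result.getString(1);` followed by `if (saved == null) { return false; }` before the split. Returning false keeps the fail-closed direction, since the Start-level wrapper presumably negates this result to report the token as revoked when no matching entry exists. The same pattern existed before the move, so this is a pre-existing gap the rewrite did not close rather than a regression.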
@@ -496,23 +496,14 @@ public static void verifyAndUpdateIntrospectRefreshTokenPayload(Main main, AppId } private static boolean isTokenRevokedBasedOnPayload(OAuthStorage oauthStorage, AppIdentifier appIdentifier, JsonObject payload) throws StorageQueryException { - long issuedAt = payload.get("iat").getAsLong(); - boolean revoked = false; - - revoked = oauthStorage.isOAuthTokenRevokedByClientId(appIdentifier, payload.get("client_id").getAsString()); - + boolean revoked = true; if (payload.has("jti") && payload.has("gid")) { - revoked = revoked || oauthStorage.isOAuthTokenRevokedByJTI(appIdentifier, payload.get("gid").getAsString(), payload.get("jti").getAsString()); - } - - if (payload.has("gid")) { - revoked = revoked || oauthStorage.isOAuthTokenRevokedByGID(appIdentifier, payload.get("gid").getAsString()); - } - - if (payload.has("sessionHandle")) { - revoked = revoked || oauthStorage.isOAuthTokenRevokedBySessionHandle(appIdentifier, payload.get("sessionHandle").getAsString()); + //access token + revoked = oauthStorage.isOAuthTokenRevokedByJTI(appIdentifier, payload.get("gid").getAsString(), payload.get("jti").getAsString()); + } else { + // refresh token + revoked = oauthStorage.isOAuthTokenRevokedByGID(appIdentifier, payload.get("gid").getAsString()); } - return revoked; } @@ -551,7 +542,7 @@ public static void revokeTokensForClientId(Main main, AppIdentifier appIdentifie oauthStorage.revokeOAuthTokenByClientId(appIdentifier, clientId); } - public static void revokeRefreshToken(Main main, AppIdentifier appIdentifier, Storage storage, String gid, long exp) + public static void revokeRefreshToken(Main main, AppIdentifier appIdentifier, Storage storage, String gid) throws StorageQueryException, NoSuchAlgorithmException, TenantOrAppNotFoundException { OAuthStorage oauthStorage = StorageUtils.getOAuthStorage(storage); oauthStorage.revokeOAuthTokenByGID(appIdentifier, gid); 
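Review bot: The else branch in isTokenRevokedBasedOnPayload now calls `payload.get("gid").getAsString()` without the `payload.has("gid")` guard the removed code had, so a payload carrying no gid (or a jti but no gid) throws NullPointerException instead of being treated as revoked. Keep the fail-closed default with a conditional lookup: `revoked = !payload.has("gid") || oauthStorage.isOAuthTokenRevokedByGID(appIdentifier, payload.get("gid").getAsString());`. With the per-client_id check gone, revocation by client now rests entirely on the session rows being deleted for that client, which deleteOAuthSessionByClientId elsewhere in this patch appears to provide; a one-line comment stating that dependency above the method would help the next reader. Dropping the unused `iat` read is fine.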
@@ -562,9 +553,6 @@ public static void revokeAccessToken(Main main, AppIdentifier appIdentifier, try { OAuthStorage oauthStorage = StorageUtils.getOAuthStorage(storage); JsonObject payload = OAuthToken.getPayloadFromJWTToken(appIdentifier, main, token); - - long exp = payload.get("exp").getAsLong(); - if (payload.has("stt") && payload.get("stt").getAsInt() == OAuthToken.TokenType.ACCESS_TOKEN.getValue()) { String jti = payload.get("jti").getAsString(); String gid = payload.get("gid").getAsString(); @@ -669,17 +657,12 @@ public static String getInternalRefreshToken(Main main, AppIdentifier appIdentif return internalRefreshToken; } - public static void createOrUpdateRefreshTokenMapping(Main main, AppIdentifier appIdentifier, Storage storage, - String clientId, String gid, String externalRefreshToken, String internalRefreshToken, - String sessionHandle, List jtis, long exp) throws StorageQueryException { + public static void createOrUpdateOauthSession(Main main, AppIdentifier appIdentifier, Storage storage, + String clientId, String gid, String externalRefreshToken, String internalRefreshToken, + String sessionHandle, List jtis, long exp) + throws StorageQueryException, TenantOrAppNotFoundException { OAuthStorage oauthStorage = StorageUtils.getOAuthStorage(storage); oauthStorage.createOrUpdateOAuthSession(appIdentifier, gid, clientId, externalRefreshToken, internalRefreshToken, sessionHandle, jtis, exp); } - - public static void deleteRefreshTokenMappingIfExists(Main main, AppIdentifier appIdentifier, Storage storage, - String externalRefreshToken) throws StorageQueryException { - OAuthStorage oauthStorage = StorageUtils.getOAuthStorage(storage); - oauthStorage.deleteRefreshTokenMapping(appIdentifier, externalRefreshToken); - } } diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthAuthAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthAuthAPI.java index 1d9ad5817..06300961b 100644 
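Review bot: The renamed entry point `createOrUpdateOauthSession` spells the product name differently from the storage method it delegates to, `createOrUpdateOAuthSession`, and from the surrounding types (`OAuthStorage`, `OAuthToken`); aligning the casing now avoids a second rename across OAuthAuthAPI and OAuthTokenAPI later. The method also carries no Javadoc although its contract changed in this patch: per the OAuthQueries change, on an existing gid the jtis are appended to the stored list rather than replacing it, and TenantOrAppNotFoundException is now declared for an unknown app. A summary such as `/** Upserts the OAuth session row for gid; on conflict the given jtis are appended to the stored list. @throws TenantOrAppNotFoundException if appIdentifier does not exist */` would capture that, and the unused `main` parameter deserves either a use or a note on why it is kept.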
--- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthAuthAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthAuthAPI.java @@ -134,7 +134,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I updateLastActive(appIdentifier, sessionHandle); } - OAuth.createOrUpdateRefreshTokenMapping(main, appIdentifier, storage, clientId, gid, null, null, sessionHandle, List.of(jti), exp); + OAuth.createOrUpdateOauthSession(main, appIdentifier, storage, clientId, gid, null, null, sessionHandle, List.of(jti), exp); } } } diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java index c35ccf685..3f159caf5 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java 
@@ -239,14 +239,14 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I if (inputRefreshToken == null) { // Issuing a new refresh token, always creating a mapping. - OAuth.createOrUpdateRefreshTokenMapping(main, appIdentifier, storage, clientId, gid, newRefreshToken, null, sessionHandle, List.of(jti), refreshTokenExp); + OAuth.createOrUpdateOauthSession(main, appIdentifier, storage, clientId, gid, newRefreshToken, null, sessionHandle, List.of(jti), refreshTokenExp); } else { // Refreshing a token if (!oauthClient.enableRefreshTokenRotation) { - OAuth.createOrUpdateRefreshTokenMapping(main, appIdentifier, storage, clientId, gid, inputRefreshToken, newRefreshToken, sessionHandle, List.of(jti), refreshTokenExp); + OAuth.createOrUpdateOauthSession(main, appIdentifier, storage, clientId, gid, inputRefreshToken, newRefreshToken, sessionHandle, List.of(jti), refreshTokenExp); response.jsonResponse.getAsJsonObject().remove("refresh_token"); } else { - OAuth.createOrUpdateRefreshTokenMapping(main, appIdentifier, storage, clientId, gid, newRefreshToken, null, sessionHandle, List.of(jti), refreshTokenExp); + OAuth.createOrUpdateOauthSession(main, appIdentifier, storage, clientId, gid, newRefreshToken, null, sessionHandle, List.of(jti), refreshTokenExp); } } } else { @@ -255,7 +255,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I if (accessTokenPayload.has("sessionHandle")) { updateLastActive(appIdentifier, accessTokenPayload.get("sessionHandle").getAsString()); } - OAuth.createOrUpdateRefreshTokenMapping(main, appIdentifier, storage, clientId, gid, null, null, sessionHandle, List.of(jti), exp); + OAuth.createOrUpdateOauthSession(main, appIdentifier, storage, clientId, gid, null, null, sessionHandle, List.of(jti), exp); } catch (Exception e) { // ignore } 
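Review bot: The last `createOrUpdateOauthSession` call in this hunk sits inside a `catch (Exception e) { // ignore }` block, so the TenantOrAppNotFoundException the method now declares, and any StorageQueryException, is dropped silently. If I read the surrounding code right the token has already been issued at that point, and with no session row recorded the JTI lookup will later report it as revoked with no trace of why. Narrow the catch to the exceptions genuinely expected there and log the failure instead of ignoring it, so an operator can distinguish a storage problem from a deliberate revocation. The enclosing doPost starts before and ends after this hunk.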
diff --git a/src/main/java/io/supertokens/webserver/api/oauth/RevokeOAuthTokenAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/RevokeOAuthTokenAPI.java index 0a7c951cf..d958821de 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/RevokeOAuthTokenAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/RevokeOAuthTokenAPI.java @@ -131,7 +131,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I // Success response would mean that the clientId/secret has been validated if (gid != null) { try { - OAuth.revokeRefreshToken(main, appIdentifier, storage, gid, exp); + OAuth.revokeRefreshToken(main, appIdentifier, storage, gid); } catch (StorageQueryException | NoSuchAlgorithmException e) { throw new ServletException(e); } diff --git a/src/test/java/io/supertokens/test/oauth/OAuthStorageTest.java b/src/test/java/io/supertokens/test/oauth/OAuthStorageTest.java index c9b0dade0..a9da18ff2 100644 --- a/src/test/java/io/supertokens/test/oauth/OAuthStorageTest.java +++ b/src/test/java/io/supertokens/test/oauth/OAuthStorageTest.java @@ -180,10 +180,8 @@ public void testRevoke() throws Exception { storage.createOrUpdateOAuthSession(appIdentifier, "abcd", "clientid", "externalRefreshToken", "internalRefreshToken", "efgh", List.of("ijkl", "mnop"), System.currentTimeMillis() + 1000 * 60 * 60 * 24); - assertFalse(storage.isOAuthTokenRevokedByGID(appIdentifier,"abcd")); - assertFalse(storage.isOAuthTokenRevokedByClientId(appIdentifier,"clientid")); - assertFalse(storage.isOAuthTokenRevokedBySessionHandle(appIdentifier, "efgh")); assertFalse(storage.isOAuthTokenRevokedByJTI(appIdentifier, "abcd", "ijkl")); + assertFalse(storage.isOAuthTokenRevokedByJTI(appIdentifier, "abcd", "mnop")); storage.revokeOAuthTokenByJTI(appIdentifier, "abcd","ijkl"); assertTrue(storage.isOAuthTokenRevokedByJTI(appIdentifier, "abcd", "ijkl")); 
@@ -195,12 +193,12 @@ public void testRevoke() throws Exception { storage.revokeOAuthTokenByGID(appIdentifier, "abcd"); - assertTrue(storage.isOAuthTokenRevokedByGID(appIdentifier,"abcd")); + assertTrue(storage.isOAuthTokenRevokedByJTI(appIdentifier, "abcd", "mnop")); storage.createOrUpdateOAuthSession(appIdentifier, "abcd", "clientid", "externalRefreshToken", "internalRefreshToken", "efgh", List.of("ijkl", "mnop"), System.currentTimeMillis() + 1000 * 60 * 60 * 24); storage.revokeOAuthTokenBySessionHandle(appIdentifier, "efgh"); - assertTrue(storage.isOAuthTokenRevokedBySessionHandle(appIdentifier, "efgh")); + assertTrue(storage.isOAuthTokenRevokedByJTI(appIdentifier, "abcd", "mnop")); // test cleanup Thread.sleep(3000); @@ -273,7 +271,7 @@ public void testConstraints() throws Exception { // this is what we expect } { - storage.revokeOAuthTokenByGID(appIdentifier, "abcd"); + assertFalse(storage.revokeOAuthTokenByGID(appIdentifier, "abcd")); } // App id FK @@ -284,12 +282,8 @@ public void testConstraints() throws Exception { } catch (TenantOrAppNotFoundException e) { // expected } -// try { - storage.revokeOAuthTokenByGID(appIdentifier2, "abcd"); -// fail(); -// } catch (TenantOrAppNotFoundException e) { -// // expected -// } + + assertFalse(storage.revokeOAuthTokenByGID(appIdentifier2, "abcd")); // Client FK try { @@ -317,6 +311,14 @@ public void testConstraints() throws Exception { // expected } + try { + storage.createOrUpdateOAuthSession(appIdentifier2, "abcd", "clientid", null, null, null, List.of("asdasd"), + System.currentTimeMillis() + 10000); + fail(); + } catch (TenantOrAppNotFoundException e) { + //expected + } + process.kill(); assertNotNull(process.checkOrWaitForEvent(ProcessState.PROCESS_STATE.STOPPED)); } diff --git a/src/test/java/io/supertokens/test/oauth/api/TestRevoke5_2.java b/src/test/java/io/supertokens/test/oauth/api/TestRevoke5_2.java index 962e96477..c0eece257 100644 --- a/src/test/java/io/supertokens/test/oauth/api/TestRevoke5_2.java 
+++ b/src/test/java/io/supertokens/test/oauth/api/TestRevoke5_2.java @@ -179,7 +179,7 @@ public void testRevokeClientId() throws Exception { Thread.sleep(1000); - // test introspect refresh token (allowed) + // test introspect refresh token (should be revoked also - not allowed) JsonObject introspectResponse = introspectToken(process.getProcess(), tokenResponse.get("refresh_token").getAsString()); assertEquals("OK", introspectResponse.get("status").getAsString()); @@ -190,7 +190,7 @@ public void testRevokeClientId() throws Exception { assertEquals("OK", introspectResponse.get("status").getAsString()); assertFalse(introspectResponse.get("active").getAsBoolean()); - // test refresh token (allowed) + // test refresh token (not allowed) JsonObject refreshResponse = refreshToken(process.getProcess(), client, tokenResponse.get("refresh_token").getAsString()); assertEquals("OAUTH_ERROR", refreshResponse.get("status").getAsString());