💄

jeanp413 · jeanp413 · commit ae6be2528947 · 2023-08-16T06:56:17.000Z
diff --git a/components/server/src/user/gitpod-token-service.spec.db.ts b/components/server/src/user/gitpod-token-service.spec.db.ts
@@ -93,7 +93,7 @@ describe("GitpodTokenService", async () => {
         await expectError(ErrorCodes.NOT_FOUND, gs.getGitpodTokens(stranger.id, member.id));
     });
 
-    it("should return gitpod token scopes", async () => {
+    it("should return gitpod token", async () => {
         await gs.generateNewGitpodToken(member.id, member.id, {
             name: "token1",
             type: GitpodTokenType.API_AUTH_TOKEN,
@@ -103,12 +103,10 @@ describe("GitpodTokenService", async () => {
         const tokens = await gs.getGitpodTokens(member.id, member.id);
         expect(tokens.length).to.equal(1);
 
-        const scopes = await gs.getGitpodTokenScopes(member.id, member.id, tokens[0].tokenHash);
-        expect(scopes.length).to.equal(2);
-        expect(scopes.some((s) => s === "user:email")).to.be.true;
-        expect(scopes.some((s) => s === "read:user")).to.be.true;
+        const token = await gs.findGitpodToken(member.id, member.id, tokens[0].tokenHash);
+        expect(token).to.not.be.undefined;
 
-        await expectError(ErrorCodes.NOT_FOUND, gs.getGitpodTokenScopes(stranger.id, member.id, tokens[0].tokenHash));
+        await expectError(ErrorCodes.NOT_FOUND, gs.findGitpodToken(stranger.id, member.id, tokens[0].tokenHash));
     });
 
     it("should delete gitpod tokens", async () => {
diff --git a/components/server/src/user/gitpod-token-service.ts b/components/server/src/user/gitpod-token-service.ts
@@ -18,17 +18,10 @@ export class GitpodTokenService {
         @inject(Authorizer) private readonly auth: Authorizer,
     ) {}
 
-    async getGitpodTokens(
-        requestorId: string,
-        userId: string,
-        oldPermissionCheck?: (token: GitpodToken) => Promise<void>, // @deprecated
-    ): Promise<GitpodToken[]> {
+    async getGitpodTokens(requestorId: string, userId: string): Promise<GitpodToken[]> {
         await this.auth.checkPermissionOnUser(requestorId, "read_tokens", userId);
-        const res = (await this.userDB.findAllGitpodTokensOfUser(userId)).filter((v) => !v.deleted);
-        if (oldPermissionCheck) {
-            await Promise.all(res.map((tkn) => oldPermissionCheck(tkn)));
-        }
-        return res;
+        const gitpodTokens = await this.userDB.findAllGitpodTokensOfUser(userId);
+        return gitpodTokens.filter((v) => !v.deleted);
     }
 
     async generateNewGitpodToken(
@@ -55,27 +48,18 @@ export class GitpodTokenService {
         return token;
     }
 
-    async getGitpodTokenScopes(
-        requestorId: string,
-        userId: string,
-        tokenHash: string,
-        oldPermissionCheck?: (token: GitpodToken) => Promise<void>, // @deprecated
-    ): Promise<string[]> {
+    async findGitpodToken(requestorId: string, userId: string, tokenHash: string): Promise<GitpodToken | undefined> {
         await this.auth.checkPermissionOnUser(requestorId, "read_tokens", userId);
         let token: GitpodToken | undefined;
         try {
             token = await this.userDB.findGitpodTokensOfUser(userId, tokenHash);
         } catch (error) {
             log.error({ userId }, "failed to resolve gitpod token: ", error);
-            return [];
         }
-        if (!token || token.deleted) {
-            return [];
+        if (token?.deleted) {
+            token = undefined;
         }
-        if (oldPermissionCheck) {
-            await oldPermissionCheck(token);
-        }
-        return token.scopes;
+        return token;
     }
 
     async deleteGitpodToken(
diff --git a/components/server/src/workspace/gitpod-server-impl.ts b/components/server/src/workspace/gitpod-server-impl.ts
@@ -2893,9 +2893,9 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
 
     public async getGitpodTokens(ctx: TraceContext): Promise<GitpodToken[]> {
         const user = await this.checkAndBlockUser("getGitpodTokens");
-        return this.gitpodTokenService.getGitpodTokens(user.id, user.id, (token: GitpodToken) => {
-            return this.guardAccess({ kind: "gitpodToken", subject: token }, "get");
-        });
+        const gitpodTokens = await this.gitpodTokenService.getGitpodTokens(user.id, user.id);
+        await Promise.all(gitpodTokens.map((tkn) => this.guardAccess({ kind: "gitpodToken", subject: tkn }, "get")));
+        return gitpodTokens;
     }
 
     public async generateNewGitpodToken(
@@ -2914,9 +2914,11 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
         traceAPIParams(ctx, {}); // do not trace tokenHash
 
         const user = await this.checkAndBlockUser("getGitpodTokenScopes");
-        return this.gitpodTokenService.getGitpodTokenScopes(user.id, user.id, tokenHash, (token: GitpodToken) => {
-            return this.guardAccess({ kind: "gitpodToken", subject: token }, "get");
-        });
+        const gitpodToken = await this.gitpodTokenService.findGitpodToken(user.id, user.id, tokenHash);
+        if (gitpodToken) {
+            await this.guardAccess({ kind: "gitpodToken", subject: gitpodToken }, "get");
+        }
+        return gitpodToken?.scopes ?? [];
     }
 
     public async deleteGitpodToken(ctx: TraceContext, tokenHash: string): Promise<void> {
