DELETE /tokens/current should revoke, not actually delete token

Author: mibac138

src/controllers/token.rs

@@ -116,10 +116,11 @@ pub fn revoke_current(req: &mut dyn RequestExt) -> EndpointResult {
         .api_token_id()
         .ok_or_else(|| bad_request("token not provided"))?;
     let conn = req.db_conn()?;
-    diesel::delete({
+    diesel::update({
         use self::api_tokens::dsl::*;
         api_tokens.filter(id.eq(api_token_id))
     })
+    .set(api_tokens::revoked.eq(true))
     .execute(&*conn)?;
 
     #[derive(Serialize)]

src/tests/token.rs

@@ -280,7 +280,7 @@ fn revoke_current_token_success() {
 
     // List tokens contains the token
     app.db(|conn| {
-        let tokens = t!(ApiToken::belonging_to(user.as_model()).load::<ApiToken>(conn));
+        let tokens: Vec<ApiToken> = assert_ok!(ApiToken::belonging_to(user.as_model()).load(conn));
         assert_eq!(tokens.len(), 1);
         assert_eq!(tokens[0].name, token.as_model().name);
     });
@@ -298,13 +298,22 @@ fn revoke_current_token_success() {
     });
 }
 
+#[test]
+fn revoke_current_token_invalid() {
+    let (_, _, user) = TestApp::init().with_user();
+
+    user.delete::<RevokedResponse>("/api/v1/tokens/current")
+        .bad_with_status(StatusCode::BAD_REQUEST)
+        .assert_error("token not provided");
+}
+
 #[test]
 fn revoke_current_token_fail() {
     let (app, _, user, token) = TestApp::init().with_token();
 
     // List tokens contains the token
     app.db(|conn| {
-        let tokens = t!(ApiToken::belonging_to(user.as_model()).load::<ApiToken>(conn));
+        let tokens: Vec<ApiToken> = assert_ok!(ApiToken::belonging_to(user.as_model()).load(conn));
         assert_eq!(tokens.len(), 1);
         assert_eq!(tokens[0].name, token.as_model().name);
     });