Add DELETE /tokens/current endpoint

Author: mibac138

src/controllers/token.rs

@@ -110,3 +110,21 @@ pub fn revoke(req: &mut dyn RequestExt) -> EndpointResult {
     struct R {}
     Ok(req.json(&R {}))
 }
+
+/// Handles the `DELETE /tokens/current` route.
+pub fn revoke_current(req: &mut dyn RequestExt) -> EndpointResult {
+    let authenticated_user = req.authenticate()?;
+    let api_token_id = authenticated_user
+        .api_token_id()
+        .ok_or_else(|| bad_request("token not provided"))?;
+    let conn = req.db_conn()?;
+    diesel::delete({
+        use self::api_tokens::dsl::*;
+        api_tokens.filter(id.eq(api_token_id))
+    })
+    .execute(&*conn)?;
+
+    #[derive(Serialize)]
+    struct R {}
+    Ok(req.json(&R {}))
+}

src/router.rs

@@ -80,6 +80,7 @@ pub fn build_router(app: &App) -> R404 {
     api_router.get("/me/tokens", C(token::list));
     api_router.put("/me/tokens", C(token::new));
     api_router.delete("/me/tokens/:id", C(token::revoke));
+    api_router.delete("/tokens/current", C(token::revoke_current));
     api_router.get(
         "/me/crate_owner_invitations",
         C(crate_owner_invitation::list),

src/tests/token.rs

@@ -273,6 +273,55 @@ fn revoke_token_success() {
     });
 }
 
+#[test]
+fn revoke_current_token_success() {
+    let (app, _, user, token) = TestApp::init().with_token();
+
+    // List tokens contains the token
+    app.db(|conn| {
+        let tokens = t!(ApiToken::belonging_to(user.as_model()).load::<ApiToken>(conn));
+        assert_eq!(tokens.len(), 1);
+        assert_eq!(tokens[0].name, token.as_model().name);
+    });
+
+    // Revoke the token
+    let _json: RevokedResponse = token.delete("/api/v1/tokens/current").good();
+
+    // List tokens no longer contains the token
+    app.db(|conn| {
+        let count = ApiToken::belonging_to(user.as_model())
+            .filter(api_tokens::revoked.eq(false))
+            .count()
+            .get_result(conn);
+        assert_eq!(count, Ok(0));
+    });
+}
+
+#[test]
+fn revoke_current_token_fail() {
+    let (app, _, user, token) = TestApp::init().with_token();
+
+    // List tokens contains the token
+    app.db(|conn| {
+        let tokens = t!(ApiToken::belonging_to(user.as_model()).load::<ApiToken>(conn));
+        assert_eq!(tokens.len(), 1);
+        assert_eq!(tokens[0].name, token.as_model().name);
+    });
+
+    // Revoke the token
+    user.delete::<()>("/api/v1/tokens/current")
+        .assert_status(StatusCode::BAD_REQUEST);
+
+    // List tokens no longer contains the token
+    app.db(|conn| {
+        let count = ApiToken::belonging_to(user.as_model())
+            .filter(api_tokens::revoked.eq(false))
+            .count()
+            .get_result(conn);
+        assert_eq!(count, Ok(1));
+    });
+}
+
 #[test]
 fn token_gives_access_to_me() {
     let url = "/api/v1/me";