From 072c6629d30243c3d389681f67bd78ab9cbd400e Mon Sep 17 00:00:00 2001 From: simeng-li Date: Wed, 20 Dec 2023 13:34:18 +0800 Subject: [PATCH] feat(core,schemas): add application user consent scope delete api (#5120) * feat(core,schemas): add application user consent scope delete api add application user consent scope delete api * chore(core): add the invalid user consent scope type fallback error add the invalid user consent scope type fallback error --- packages/core/src/libraries/application.ts | 33 +++++- .../application-user-consent-scopes.ts | 15 +++ ...pplication-user-consent-scope.openapi.json | 14 +++ .../application-user-consent-scope.ts | 32 +++++- .../src/api/application-user-consent-scope.ts | 14 ++- .../application-user-consent-scope.test.ts | 105 +++++++++++++++++- packages/schemas/src/types/application.ts | 6 + 7 files changed, 215 insertions(+), 4 deletions(-) diff --git a/packages/core/src/libraries/application.ts b/packages/core/src/libraries/application.ts index fc95febed..faf15db40 100644 --- a/packages/core/src/libraries/application.ts +++ b/packages/core/src/libraries/application.ts @@ -1,4 +1,9 @@ -import { OrganizationScopes, Scopes, type Scope } from '@logto/schemas'; +import { + OrganizationScopes, + Scopes, + type Scope, + ApplicationUserConsentScopeType, +} from '@logto/schemas'; import RequestError from '#src/errors/RequestError/index.js'; import type Queries from '#src/tenants/Queries.js'; @@ -156,6 +161,31 @@ export const createApplicationLibrary = (queries: Queries) => { const getApplicationUserConsentScopes = async (applicationId: string) => useConsentUserScopes.findAllByApplicationId(applicationId); + const deleteApplicationUserConsentScopesByTypeAndScopeId = async ( + applicationId: string, + type: ApplicationUserConsentScopeType, + scopeId: string + ) => { + switch (type) { + case ApplicationUserConsentScopeType.OrganizationScopes: { + await userConsentOrganizationScopes.delete({ applicationId, organizationScopeId: scopeId }); + break; + } + case ApplicationUserConsentScopeType.ResourceScopes: { + await userConsentResourceScopes.delete({ applicationId, scopeId }); + break; + } + case ApplicationUserConsentScopeType.UserScopes: { + await useConsentUserScopes.deleteByApplicationIdAndScopeId(applicationId, scopeId); + break; + } + default: { + // eslint-disable-next-line @typescript-eslint/restrict-template-expressions -- just in case + throw new Error(`Unexpected application user consent scope type: ${type}`); + } + } + }; + return { validateThirdPartyApplicationById, findApplicationScopesForResourceIndicator, @@ -164,5 +194,6 @@ export const createApplicationLibrary = (queries: Queries) => { getApplicationUserConsentOrganizationScopes, getApplicationUserConsentResourceScopes, getApplicationUserConsentScopes, + deleteApplicationUserConsentScopesByTypeAndScopeId, }; }; diff --git a/packages/core/src/queries/application-user-consent-scopes.ts b/packages/core/src/queries/application-user-consent-scopes.ts index 3da1d383e..f3fe2ce09 100644 --- a/packages/core/src/queries/application-user-consent-scopes.ts +++ b/packages/core/src/queries/application-user-consent-scopes.ts @@ -11,6 +11,7 @@ import { convertToIdentifiers } from '@logto/shared'; import { sql, type CommonQueryMethods } from 'slonik'; import { buildInsertIntoWithPool } from '#src/database/insert-into.js'; +import { DeletionError } from '#src/errors/SlonikError/index.js'; import { TwoRelationsQueries } from '#src/utils/RelationQueries.js'; export class ApplicationUserConsentOrganizationScopeQueries extends TwoRelationsQueries< @@ -48,8 +49,22 @@ export const createApplicationUserConsentUserScopeQueries = (pool: CommonQueryMe return scopes.map(({ userScope }) => userScope); }; + const deleteByApplicationIdAndScopeId = async (applicationId: string, scopeId: string) => { + const { table, fields } = convertToIdentifiers(ApplicationUserConsentUserScopes); + + const { rowCount } = await pool.query(sql` + delete from ${table} + where ${fields.applicationId} = ${applicationId} and ${fields.userScope} = ${scopeId} + `); + + if (rowCount < 1) { + throw new DeletionError(ApplicationUserConsentUserScopes.table); + } + }; + return { insert, findAllByApplicationId, + deleteByApplicationIdAndScopeId, }; }; diff --git a/packages/core/src/routes/applications/application-user-consent-scope.openapi.json b/packages/core/src/routes/applications/application-user-consent-scope.openapi.json index 3aa2d1429..a0de2d9c6 100644 --- a/packages/core/src/routes/applications/application-user-consent-scope.openapi.json +++ b/packages/core/src/routes/applications/application-user-consent-scope.openapi.json @@ -64,6 +64,20 @@ } } } + }, + "/api/applications/{applicationId}/user-consent-scopes/{scopeType}/{scopeId}": { + "delete": { + "summary": "Remove user consent scope from application.", + "description": "Remove the user consent scope from an application by application id, scope type and scope id", + "responses": { + "204": { + "description": "The user consent scope is removed from the application successfully" + }, + "404": { + "description": "The application or scope is not found" + } + } + } } } } diff --git a/packages/core/src/routes/applications/application-user-consent-scope.ts b/packages/core/src/routes/applications/application-user-consent-scope.ts index 19d686d45..136d4d834 100644 --- a/packages/core/src/routes/applications/application-user-consent-scope.ts +++ b/packages/core/src/routes/applications/application-user-consent-scope.ts @@ -1,5 +1,8 @@ import { UserScope } from '@logto/core-kit'; -import { applicationUserConsentScopesResponseGuard } from '@logto/schemas'; +import { + applicationUserConsentScopesResponseGuard, + ApplicationUserConsentScopeType, +} from '@logto/schemas'; import { object, string, nativeEnum } from 'zod'; import koaGuard from '#src/middleware/koa-guard.js'; @@ -21,6 +24,7 @@ export default function applicationUserConsentScopeRoutes { + const { + params: { applicationId, scopeType, scopeId }, + } = ctx.guard; + + // Validate application exists + await findApplicationById(applicationId); + + await deleteApplicationUserConsentScopesByTypeAndScopeId(applicationId, scopeType, scopeId); + + ctx.status = 204; + + return next(); + } + ); } diff --git a/packages/integration-tests/src/api/application-user-consent-scope.ts b/packages/integration-tests/src/api/application-user-consent-scope.ts index e59f8456b..804a4b561 100644 --- a/packages/integration-tests/src/api/application-user-consent-scope.ts +++ b/packages/integration-tests/src/api/application-user-consent-scope.ts @@ -1,5 +1,8 @@ import { type UserScope } from '@logto/core-kit'; -import { type ApplicationUserConsentScopesResponse } from '@logto/schemas'; +import { + type ApplicationUserConsentScopeType, + type ApplicationUserConsentScopesResponse, +} from '@logto/schemas'; import { authedAdminApi } from './api.js'; @@ -16,3 +19,12 @@ export const getUserConsentScopes = async (applicationId: string) => authedAdminApi .get(`applications/${applicationId}/user-consent-scopes`) .json(); + +export const deleteUserConsentScopes = async ( + applicationId: string, + scopeType: ApplicationUserConsentScopeType, + scopeId: string +) => + authedAdminApi.delete( + `applications/${applicationId}/user-consent-scopes/${scopeType}/${scopeId}` + ); diff --git a/packages/integration-tests/src/tests/api/application-user-consent-scope.test.ts b/packages/integration-tests/src/tests/api/application-user-consent-scope.test.ts index 6dd6086bb..4813cee04 100644 --- a/packages/integration-tests/src/tests/api/application-user-consent-scope.test.ts +++ b/packages/integration-tests/src/tests/api/application-user-consent-scope.test.ts @@ -1,9 +1,10 @@ import { UserScope } from '@logto/core-kit'; -import { ApplicationType } from '@logto/schemas'; +import { ApplicationType, ApplicationUserConsentScopeType } from '@logto/schemas'; import { assignUserConsentScopes, getUserConsentScopes, + deleteUserConsentScopes, } from '#src/api/application-user-consent-scope.js'; import { createApplication, deleteApplication } from '#src/api/application.js'; import { OrganizationScopeApi } from '#src/api/organization-scope.js'; @@ -173,4 +174,106 @@ describe('assign user consent scopes to application', () => { await deleteApplication(newApp.id); }); + + it('should return 404 when trying to delete consent scopes from non-existing application', async () => { + await expectRejects( + deleteUserConsentScopes( + 'non-existing-application', + ApplicationUserConsentScopeType.OrganizationScopes, + organizationScopes.get('organizationScope1')! + ), + { + code: 'entity.not_exists_with_id', + statusCode: 404, + } + ); + }); + + it('should return 404 when trying to delete non-existing consent scopes', async () => { + await expectRejects( + deleteUserConsentScopes( + applicationIds.get('thirdPartyApp')!, + ApplicationUserConsentScopeType.OrganizationScopes, + 'non-existing-organization-scope' + ), + { + code: 'entity.not_found', + statusCode: 404, + } + ); + + await expectRejects( + deleteUserConsentScopes( + applicationIds.get('thirdPartyApp')!, + ApplicationUserConsentScopeType.ResourceScopes, + 'non-existing-resource-scope' + ), + { + code: 'entity.not_found', + statusCode: 404, + } + ); + + await expectRejects( + deleteUserConsentScopes( + applicationIds.get('thirdPartyApp')!, + ApplicationUserConsentScopeType.UserScopes, + 'non-existing-user-scope' + ), + { + code: 'entity.not_found', + statusCode: 404, + } + ); + }); + + it('should delete consent scopes successfully', async () => { + await expect( + assignUserConsentScopes(applicationIds.get('thirdPartyApp')!, { + organizationScopes: Array.from(organizationScopes.values()), + resourceScopes: Array.from(resourceScopes.values()), + userScopes: [UserScope.Profile, UserScope.Email, UserScope.OrganizationRoles], + }) + ).resolves.not.toThrow(); + + await expect( + deleteUserConsentScopes( + applicationIds.get('thirdPartyApp')!, + ApplicationUserConsentScopeType.OrganizationScopes, + organizationScopes.get('organizationScope1')! + ) + ).resolves.not.toThrow(); + + await expect( + deleteUserConsentScopes( + applicationIds.get('thirdPartyApp')!, + ApplicationUserConsentScopeType.ResourceScopes, + resourceScopes.get('resourceScope1')! + ) + ).resolves.not.toThrow(); + + await expect( + deleteUserConsentScopes( + applicationIds.get('thirdPartyApp')!, + ApplicationUserConsentScopeType.UserScopes, + UserScope.OrganizationRoles + ) + ).resolves.not.toThrow(); + + const result = await getUserConsentScopes(applicationIds.get('thirdPartyApp')!); + + expect( + result.organizationScopes.find( + ({ id }) => id === organizationScopes.get('organizationScope1')! + ) + ).toBeUndefined(); + + expect( + result.resourceScopes[0]!.scopes.find( + ({ id }) => id === resourceScopes.get('resourceScope1')! + ) + ).toBeUndefined(); + + expect(result.userScopes.includes(UserScope.OrganizationRoles)).toBeFalsy(); + }); }); diff --git a/packages/schemas/src/types/application.ts b/packages/schemas/src/types/application.ts index d0bf23bd0..65aec65b8 100644 --- a/packages/schemas/src/types/application.ts +++ b/packages/schemas/src/types/application.ts @@ -52,6 +52,12 @@ export const applicationUserConsentScopesResponseGuard = z.object({ userScopes: z.array(z.nativeEnum(UserScope)), }); +export enum ApplicationUserConsentScopeType { + OrganizationScopes = 'organization-scopes', + ResourceScopes = 'resource-scopes', + UserScopes = 'user-scopes', +} + export type ApplicationUserConsentScopesResponse = z.infer< typeof applicationUserConsentScopesResponseGuard >;