mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00

feat(core): revoke tokens when user is suspended (#2407)

wangsijie 2022-11-11 15:17:12 +08:00 committed by GitHub
parent 3bcd29ec89
commit 8dc2be1eee
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 0 deletions


@ -108,3 +108,11 @@ export const revokeInstanceByGrantId = async (modelName: string, grantId: string
and ${fields.payload}->>'grantId'=${grantId}
`);
};
export const revokeInstanceByUserId = async (modelName: string, userId: string) => {
await envSet.pool.query(sql`
delete from ${table}
where ${fields.modelName}=${modelName}
and ${fields.payload}->>'accountId'=${userId}
`);
};
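Review bot: `revokeInstanceByUserId` matches `modelName` by exact string equality and returns nothing about how many rows it deleted, so a name that differs from the stored one removes zero rows without any error. The route in this commit passes `'refreshToken'`, while oidc-provider itself names the model `RefreshToken`; the adapter that writes the model-name column is not visible on this page, so the stored casing should be confirmed against real rows. Narrowing the parameter to a literal union of the stored names, or returning the deleted row count so the caller can log it, would make a mismatch visible. A doc comment would also help, e.g. `/** Hard-deletes every stored instance of modelName whose payload.accountId equals userId. */`.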


@ -80,6 +80,12 @@ jest.mock('@/queries/roles', () => ({
),
}));
const revokeInstanceByUserId = jest.fn();
jest.mock('@/queries/oidc-model-instance', () => ({
revokeInstanceByUserId: async (modelName: string, userId: string) =>
revokeInstanceByUserId(modelName, userId),
}));
describe('adminUserRoutes', () => {
const userRequest = createRequester({ authedRoutes: adminUserRoutes });
@ -324,6 +330,7 @@ describe('adminUserRoutes', () => {
.patch(`/users/${mockedUserId}/is-suspended`)
.send({ isSuspended: true });
expect(updateUserById).toHaveBeenCalledWith(mockedUserId, { isSuspended: true });
expect(revokeInstanceByUserId).toHaveBeenCalledWith('refreshToken', mockedUserId);
expect(response.status).toEqual(200);
expect(response.body).toEqual({
...mockUserResponse,
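Review bot: The added assertion in the suspend test only proves the mocked function was called with `'refreshToken'`. Because `@/queries/oidc-model-instance` is replaced wholesale, nothing here checks that this name matches a stored model or that any row is actually deleted. The inverse path is also unasserted: a request with `isSuspended: false` should leave tokens alone, e.g. `expect(revokeInstanceByUserId).not.toHaveBeenCalled();` in that case, assuming mocks are reset between tests. Both test bodies extend beyond the hunks shown.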


@ -9,6 +9,7 @@ import RequestError from '@/errors/RequestError';
import { encryptUserPassword, generateUserId, insertUser } from '@/lib/user';
import koaGuard from '@/middleware/koa-guard';
import koaPagination from '@/middleware/koa-pagination';
import { revokeInstanceByUserId } from '@/queries/oidc-model-instance';
import { findRolesByRoleNames } from '@/queries/roles';
import {
deleteUserById,
@ -260,6 +261,10 @@ export default function adminUserRoutes<T extends AuthedRouter>(router: T) {
isSuspended,
});
if (isSuspended) {
await revokeInstanceByUserId('refreshToken', user.id);
}
ctx.body = pick(user, ...userInfoSelectFields);
return next();
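Review bot: The `if (isSuspended)` branch removes only stored refresh tokens, so access tokens already issued and any session or grant records for `user.id` are untouched and stay usable until they expire, unless suspension is enforced elsewhere (not visible in this hunk). If that window is intended, say so above the `if`, e.g. `// Only refresh tokens are revoked; already-issued access tokens stay valid until expiry.`; otherwise the other account-bound models should be revoked here too. As far as the hunk shows, the delete also runs after the user row is updated and not in the same transaction, so a failed delete returns an error with the user already suspended and the tokens still present. Repeating the same PATCH recovers from that, which is worth stating in the comment. The handler starts and ends outside the hunk.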