feat(core): revoke tokens when user is suspended (#2407)
This commit is contained in:
parent
3bcd29ec89
commit
8dc2be1eee
3 changed files with 20 additions and 0 deletions
|
@ -108,3 +108,11 @@ export const revokeInstanceByGrantId = async (modelName: string, grantId: string
|
|||
and ${fields.payload}->>'grantId'=${grantId}
|
||||
`);
|
||||
};
|
||||
|
||||
export const revokeInstanceByUserId = async (modelName: string, userId: string) => {
|
||||
await envSet.pool.query(sql`
|
||||
delete from ${table}
|
||||
where ${fields.modelName}=${modelName}
|
||||
and ${fields.payload}->>'accountId'=${userId}
|
||||
`);
|
||||
};
|
||||
|
|
|
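Review bot: `revokeInstanceByUserId` has no doc comment, and the `accountId` JSON-path key it matches on is the one thing a reader cannot infer from the signature; a TSDoc line above the export would help, e.g. `/** Deletes every stored instance of `modelName` whose payload `accountId` equals `userId` (used to invalidate a suspended user's refresh tokens). */`. The function also discards the query result, so callers cannot tell whether any row was actually removed; returning the row count would let the caller log how many instances were revoked, if that is wanted. The `where` clause assumes the stored payload carries `accountId` for the given model — the test in this commit only exercises `refreshToken`, so confirm that key is present before reusing the helper for other model names.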
@ -80,6 +80,12 @@ jest.mock('@/queries/roles', () => ({
|
|||
),
|
||||
}));
|
||||
|
||||
const revokeInstanceByUserId = jest.fn();
|
||||
jest.mock('@/queries/oidc-model-instance', () => ({
|
||||
revokeInstanceByUserId: async (modelName: string, userId: string) =>
|
||||
revokeInstanceByUserId(modelName, userId),
|
||||
}));
|
||||
|
||||
describe('adminUserRoutes', () => {
|
||||
const userRequest = createRequester({ authedRoutes: adminUserRoutes });
|
||||
|
||||
|
@ -324,6 +330,7 @@ describe('adminUserRoutes', () => {
|
|||
.patch(`/users/${mockedUserId}/is-suspended`)
|
||||
.send({ isSuspended: true });
|
||||
expect(updateUserById).toHaveBeenCalledWith(mockedUserId, { isSuspended: true });
|
||||
expect(revokeInstanceByUserId).toHaveBeenCalledWith('refreshToken', mockedUserId);
|
||||
expect(response.status).toEqual(200);
|
||||
expect(response.body).toEqual({
|
||||
...mockUserResponse,
|
||||
|
|
|
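Review bot: The new assertion in the `is-suspended` test only covers the positive path; there is no case checking that `revokeInstanceByUserId` is not called when `isSuspended: false` is sent, which is the regression this feature could pick up silently. Add a sibling test that does `.send({ isSuspended: false })` and then `expect(revokeInstanceByUserId).not.toHaveBeenCalled()`. Because `revokeInstanceByUserId` is a module-level `jest.fn()`, that negative assertion only holds if the mock is reset between tests (`revokeInstanceByUserId.mockClear()` in a `beforeEach`, or `clearMocks` in the jest config); the describe block's setup is outside this hunk, so I cannot tell whether that already happens.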
@ -9,6 +9,7 @@ import RequestError from '@/errors/RequestError';
|
|||
import { encryptUserPassword, generateUserId, insertUser } from '@/lib/user';
|
||||
import koaGuard from '@/middleware/koa-guard';
|
||||
import koaPagination from '@/middleware/koa-pagination';
|
||||
import { revokeInstanceByUserId } from '@/queries/oidc-model-instance';
|
||||
import { findRolesByRoleNames } from '@/queries/roles';
|
||||
import {
|
||||
deleteUserById,
|
||||
|
@ -260,6 +261,10 @@ export default function adminUserRoutes<T extends AuthedRouter>(router: T) {
|
|||
isSuspended,
|
||||
});
|
||||
|
||||
if (isSuspended) {
|
||||
await revokeInstanceByUserId('refreshToken', user.id);
|
||||
}
|
||||
|
||||
ctx.body = pick(user, ...userInfoSelectFields);
|
||||
|
||||
return next();
|
||||
|
|
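Review bot: Suspension revokes only the `refreshToken` model, so a suspended user's already-issued access tokens — and any other instances stored in the same table under `accountId`, if the provider keeps them there — remain usable until they expire; whether that window is acceptable depends on token lifetimes and on whether introspection/userinfo re-check `isSuspended`, neither of which this hunk shows. If the intent is immediate lockout, revoke the other relevant model names here as well, or document the accepted window with a comment such as `// Refresh tokens are revoked immediately; access tokens stay valid until their TTL expires.` The revoke also runs after `updateUserById`, so a failed delete leaves the user marked suspended with tokens intact while the request returns an error; consider performing the revocation before the update or within the same transaction. The enclosing route handler begins and ends outside the hunk.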