feat: allow listing instead if revoke listing in oauth2
tamassoltesz committed Oct 22, 2024
1 parent c551647 commit 226329c
Showing 10 changed files with 365 additions and 246 deletions.
4 changes: 2 additions & 2 deletions src/main/java/io/supertokens/Main.java
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
import io.supertokens.config.Config;
import io.supertokens.config.CoreConfig;
import io.supertokens.cronjobs.Cronjobs;
import io.supertokens.cronjobs.cleanupOAuthRevokeListAndChallenges.CleanupOAuthRevokeListAndChallenges;
import io.supertokens.cronjobs.cleanupOAuthRevokeListAndChallenges.CleanupOAuthSessionsAndChallenges;
import io.supertokens.cronjobs.deleteExpiredAccessTokenSigningKeys.DeleteExpiredAccessTokenSigningKeys;
import io.supertokens.cronjobs.deleteExpiredDashboardSessions.DeleteExpiredDashboardSessions;
import io.supertokens.cronjobs.deleteExpiredEmailVerificationTokens.DeleteExpiredEmailVerificationTokens;
Expand Down Expand Up @@ -257,7 +257,7 @@ private void init() throws IOException, StorageQueryException {
// starts DeleteExpiredAccessTokenSigningKeys cronjob if the access token signing keys can change
Cronjobs.addCronjob(this, DeleteExpiredAccessTokenSigningKeys.init(this, uniqueUserPoolIdsTenants));

Cronjobs.addCronjob(this, CleanupOAuthRevokeListAndChallenges.init(this, uniqueUserPoolIdsTenants));
Cronjobs.addCronjob(this, CleanupOAuthSessionsAndChallenges.init(this, uniqueUserPoolIdsTenants));

// this is to ensure tenantInfos are in sync for the new cron job as well
MultitenancyHelper.getInstance(this).refreshCronjobs();
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
package io.supertokens.cronjobs.cleanupOAuthRevokeListAndChallenges;

import java.util.List;

import io.supertokens.Main;
import io.supertokens.cronjobs.CronTask;
import io.supertokens.cronjobs.CronTaskTest;
Expand All @@ -11,19 +9,21 @@
import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
import io.supertokens.pluginInterface.oauth.OAuthStorage;

public class CleanupOAuthRevokeListAndChallenges extends CronTask {
import java.util.List;

public class CleanupOAuthSessionsAndChallenges extends CronTask {

public static final String RESOURCE_KEY = "io.supertokens.cronjobs.cleanupOAuthRevokeListAndChallenges" +
".CleanupOAuthRevokeListAndChallenges";

private CleanupOAuthRevokeListAndChallenges(Main main, List<List<TenantIdentifier>> tenantsInfo) {
private CleanupOAuthSessionsAndChallenges(Main main, List<List<TenantIdentifier>> tenantsInfo) {
super("CleanupOAuthRevokeList", main, tenantsInfo, true);
}

public static CleanupOAuthRevokeListAndChallenges init(Main main, List<List<TenantIdentifier>> tenantsInfo) {
return (CleanupOAuthRevokeListAndChallenges) main.getResourceDistributor()
public static CleanupOAuthSessionsAndChallenges init(Main main, List<List<TenantIdentifier>> tenantsInfo) {
return (CleanupOAuthSessionsAndChallenges) main.getResourceDistributor()
.setResource(new TenantIdentifier(null, null, null), RESOURCE_KEY,
new CleanupOAuthRevokeListAndChallenges(main, tenantsInfo));
new CleanupOAuthSessionsAndChallenges(main, tenantsInfo));
}

@Override
Expand All @@ -34,7 +34,7 @@ protected void doTaskPerStorage(Storage storage) throws Exception {

OAuthStorage oauthStorage = StorageUtils.getOAuthStorage(storage);
long monthAgo = System.currentTimeMillis() / 1000 - 31 * 24 * 3600;
oauthStorage.deleteExpiredRevokedOAuthTokens(monthAgo);
oauthStorage.deleteExpiredOAuthSessions(monthAgo);
oauthStorage.deleteExpiredOAuthM2MTokens(monthAgo);

oauthStorage.deleteOAuthLogoutChallengesBefore(System.currentTimeMillis() - 1000 * 60 * 60 * 48); // 48 hours
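Review bot: `RESOURCE_KEY` on L53-54 still spells out `CleanupOAuthRevokeListAndChallenges` and the task name passed to `super` on L58 is still `CleanupOAuthRevokeList`, although the class itself is now `CleanupOAuthSessionsAndChallenges`; the rename should reach those two strings (`".CleanupOAuthSessionsAndChallenges"` and `super("CleanupOAuthSessionsAndChallenges", main, tenantsInfo, true)`) so the resource registry and any task logging match the code. More important for the allow-list model this commit introduces: once a missing `oauth_sessions` row means "revoked", `deleteExpiredOAuthSessions(monthAgo)` on L76 silently revokes any session whose stored `exp` is earlier than its last live token, so the stored `exp` presumably has to be the session's latest token expiry (the refresh token's), not the access token's — that constraint is not visible from this file and deserves a line comment such as `// with allow-listing a purged row reads as revoked: exp must be the session's latest token expiry`. `doTaskPerStorage` continues past the end of the hunk.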
88 changes: 63 additions & 25 deletions src/main/java/io/supertokens/inmemorydb/Start.java
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,6 @@
import io.supertokens.pluginInterface.multitenancy.sqlStorage.MultitenancySQLStorage;
import io.supertokens.pluginInterface.oauth.OAuthClient;
import io.supertokens.pluginInterface.oauth.OAuthLogoutChallenge;
import io.supertokens.pluginInterface.oauth.OAuthRevokeTargetType;
import io.supertokens.pluginInterface.oauth.OAuthStorage;
import io.supertokens.pluginInterface.oauth.exception.DuplicateOAuthLogoutChallengeException;
import io.supertokens.pluginInterface.oauth.exception.OAuthClientNotFoundException;
Expand Down Expand Up @@ -3073,42 +3072,39 @@ public List<OAuthClient> getOAuthClients(AppIdentifier appIdentifier, List<Strin
}

@Override
public void revokeOAuthTokensBasedOnTargetFields(AppIdentifier appIdentifier, OAuthRevokeTargetType targetType, String targetValue, long exp)
throws StorageQueryException, TenantOrAppNotFoundException {
public boolean revokeOAuthTokenByGID(AppIdentifier appIdentifier, String gid) throws StorageQueryException {
try {
OAuthQueries.revokeOAuthTokensBasedOnTargetFields(this, appIdentifier, targetType, targetValue, exp);
return OAuthQueries.deleteOAuthSessionByGID(this, appIdentifier, gid);
} catch (SQLException e) {
if (e instanceof SQLiteException) {
String errorMessage = e.getMessage();
SQLiteConfig config = Config.getConfig(this);
throw new StorageQueryException(e);
}
}

if (isForeignKeyConstraintError(
errorMessage,
config.getOAuthRevokeTable(),
new String[]{"app_id"},
new Object[]{appIdentifier.getAppId()})) {
throw new TenantOrAppNotFoundException(appIdentifier);
}
}
@Override
public boolean revokeOAuthTokenByClientId(AppIdentifier appIdentifier, String clientId)
throws StorageQueryException {
try {
return OAuthQueries.deleteOAuthSessionByClientId(this, appIdentifier, clientId);
} catch (SQLException e) {
throw new StorageQueryException(e);
}

}

@Override
public boolean isOAuthTokenRevokedBasedOnTargetFields(AppIdentifier appIdentifier, OAuthRevokeTargetType[] targetTypes, String[] targetValues, long issuedAt)
public boolean revokeOAuthTokenByJTI(AppIdentifier appIdentifier, String gid, String jti)
throws StorageQueryException {
try {
return OAuthQueries.isOAuthTokenRevokedBasedOnTargetFields(this, appIdentifier, targetTypes, targetValues, issuedAt);
return OAuthQueries.deleteJTIFromOAuthSession(this, appIdentifier, gid, jti);
} catch (SQLException e) {
throw new StorageQueryException(e);
}
}

@Override
public void deleteExpiredRevokedOAuthTokens(long exp) throws StorageQueryException {
public boolean revokeOAuthTokenBySessionHandle(AppIdentifier appIdentifier, String sessionHandle)
throws StorageQueryException {
try {
OAuthQueries.deleteExpiredRevokedOAuthTokens(this, exp);
return OAuthQueries.deleteOAuthSessionBySessionHandle(this, appIdentifier, sessionHandle);
} catch (SQLException e) {
throw new StorageQueryException(e);
}
Expand Down Expand Up @@ -3197,10 +3193,13 @@ public void deleteOAuthLogoutChallengesBefore(long time) throws StorageQueryExce
}

@Override
public void createOrUpdateRefreshTokenMapping(AppIdentifier appIdentifier, String externalTokensRefreshToken,
String internalRefreshToken, long exp) throws StorageQueryException {
public void createOrUpdateOAuthSession(AppIdentifier appIdentifier, String gid, String clientId,
String externalRefreshToken, String internalRefreshToken,
String sessionHandle, List<String> jtis, long exp)
throws StorageQueryException {
try {
OAuthQueries.createOrUpdateRefreshTokenMapping(this, appIdentifier, externalTokensRefreshToken, internalRefreshToken, exp);
OAuthQueries.createOrUpdateOAuthSession(this, appIdentifier, gid, clientId, externalRefreshToken,
internalRefreshToken, sessionHandle, jtis, exp);
} catch (SQLException e) {
throw new StorageQueryException(e);
}
Expand All @@ -3227,9 +3226,9 @@ public void deleteRefreshTokenMapping(AppIdentifier appIdentifier, String extern
}

@Override
public void deleteExpiredRefreshTokenMappings(long exp) throws StorageQueryException {
public void deleteExpiredOAuthSessions(long exp) throws StorageQueryException {
try {
OAuthQueries.deleteExpiredRefreshTokenMappings(this, exp);
OAuthQueries.deleteExpiredOAuthSessions(this, exp);
} catch (SQLException e) {
throw new StorageQueryException(e);
}
Expand Down Expand Up @@ -3272,4 +3271,43 @@ public int countTotalNumberOfOAuthM2MTokensAlive(AppIdentifier appIdentifier) th
throw new StorageQueryException(e);
}
}

@Override
public boolean isOAuthTokenRevokedByClientId(AppIdentifier appIdentifier, String clientId)
throws StorageQueryException {
try {
return !OAuthQueries.isOAuthSessionExistsByClientId(this, appIdentifier, clientId);
} catch (SQLException e) {
throw new StorageQueryException(e);
}
}

@Override
public boolean isOAuthTokenRevokedByGID(AppIdentifier appIdentifier, String gid) throws StorageQueryException {
try {
return !OAuthQueries.isOAuthSessionExistsByGID(this, appIdentifier, gid);
} catch (SQLException e) {
throw new StorageQueryException(e);
}
}

@Override
public boolean isOAuthTokenRevokedByJTI(AppIdentifier appIdentifier, String gid, String jti)
throws StorageQueryException {
try {
return !OAuthQueries.isOAuthSessionExistsByJTI(this, appIdentifier, gid, jti);
} catch (SQLException e) {
throw new StorageQueryException(e);
}
}

@Override
public boolean isOAuthTokenRevokedBySessionHandle(AppIdentifier appIdentifier, String sessionHandle)
throws StorageQueryException {
try {
return !OAuthQueries.isOAuthSessionExistsBySessionHandle(this, appIdentifier, sessionHandle);
} catch (SQLException e) {
throw new StorageQueryException(e);
}
}
}
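Review bot: The four `isOAuthTokenRevokedBy*` methods at the bottom of the class (L185-L221) simply negate a row-existence query, so a token is reported revoked whenever no `oauth_sessions` row matches — not only after an explicit revoke, but also when the session was never written, was already purged by `deleteExpiredOAuthSessions`, or is looked up under a different `appIdentifier`. That is the fail-closed direction and the right one for an allow-list, but nothing at this layer says so; each of the four should carry a Javadoc along the lines of `Allow-list check: returns true when no matching oauth_sessions row exists, which includes sessions that were never created or have already been cleaned up.` The hunk at L97-L107 also drops the `TenantOrAppNotFoundException` mapping that `revokeOAuthTokensBasedOnTargetFields` performed on a foreign-key failure, so revoking under an unknown app now returns `false` instead of throwing; if the HTTP layer translated that exception into a not-found response, it will now report "nothing revoked" — confirm the interface change is intended. M2M tokens are tracked in `oauth_m2m_tokens` rather than in sessions (see `countTotalNumberOfOAuthM2MTokensAlive` just above), so if `isOAuthTokenRevokedByClientId` is ever consulted for a client_credentials token it would read as revoked; that caller is not visible here.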
Original file line number Diff line number Diff line change
Expand Up @@ -173,14 +173,14 @@ public String getOAuthRefreshTokenMappingTable() {
return "oauth_refresh_token_mapping";
}

public String getOAuthRevokeTable() {
return "oauth_revoke";
}

public String getOAuthM2MTokensTable() {
return "oauth_m2m_tokens";
}

public String getOAuthSessionsTable() {
return "oauth_sessions";
}

public String getOAuthLogoutChallengesTable() {
return "oauth_logout_challenges";
}
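Review bot: `getOAuthRefreshTokenMappingTable()` at the top of the hunk (L224-L226) still returns `oauth_refresh_token_mapping`, although this commit stops creating that table in favour of `oauth_sessions` and removes the matching `getOAuthRevokeTable()` accessor; unless something still reads it, drop it as well so the config surface does not advertise a table that is no longer created. The enclosing config class starts before this hunk.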
Original file line number Diff line number Diff line change
Expand Up @@ -432,21 +432,12 @@ public static void createTablesIfNotExists(Start start, Main main) throws SQLExc
update(start, OAuthQueries.getQueryToCreateOAuthClientTable(start), NO_OP_SETTER);
}

if (!doesTableExists(start, Config.getConfig(start).getOAuthRefreshTokenMappingTable())) {
if (!doesTableExists(start, Config.getConfig(start).getOAuthSessionsTable())) {
getInstance(main).addState(CREATING_NEW_TABLE, null);
update(start, OAuthQueries.getQueryToCreateOAuthRefreshTokenMappingTable(start), NO_OP_SETTER);
update(start, OAuthQueries.getQueryToCreateOAuthSessionsTable(start), NO_OP_SETTER);

// index
update(start, OAuthQueries.getQueryToCreateOAuthRefreshTokenMappingExpIndex(start), NO_OP_SETTER);
}

if (!doesTableExists(start, Config.getConfig(start).getOAuthRevokeTable())) {
getInstance(main).addState(CREATING_NEW_TABLE, null);
update(start, OAuthQueries.getQueryToCreateOAuthRevokeTable(start), NO_OP_SETTER);

// index
update(start, OAuthQueries.getQueryToCreateOAuthRevokeTimestampIndex(start), NO_OP_SETTER);
update(start, OAuthQueries.getQueryToCreateOAuthRevokeExpIndex(start), NO_OP_SETTER);
update(start, OAuthQueries.getQueryToCreateOAuthSessionsTable(start), NO_OP_SETTER);
}

if (!doesTableExists(start, Config.getConfig(start).getOAuthM2MTokensTable())) {
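Review bot: The added line at L266, `update(start, OAuthQueries.getQueryToCreateOAuthSessionsTable(start), NO_OP_SETTER);`, repeats the table-creation call already made on L253 in the place where the old code created an index (the `// index` comment on L255 appears to survive as context above it), so either the `exp` index for `oauth_sessions` is never created and `deleteExpiredOAuthSessions` must scan the whole table, or — if the CREATE TABLE statement lacks `IF NOT EXISTS` — the second call fails at startup. The old code called `getQueryToCreateOAuthRefreshTokenMappingExpIndex` here; the new line should presumably call the equivalent index-creation query for `oauth_sessions`, and if none exists yet one should be added rather than dropping the index. `createTablesIfNotExists` continues on both sides of the hunk.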