Make oauth_revoke_token work with all backends

author: Paweł Chmielowski <pawel@process-one.net> 2022-04-20 19:07:46 +0200
committer: Paweł Chmielowski <pawel@process-one.net> 2022-04-20 19:07:52 +0200
commit: e59043db2cd8775dd4cf4c1c277b2eb1ec7846e0 (patch)
tree: f975302e846d942750b8bcf9f413f0ae08b0b14b /src
parent: Clarify mod_offline's use_mam_for_storage option (diff)
4 files changed, 47 insertions, 20 deletions
diff --git a/src/ejabberd_oauth.erl b/src/ejabberd_oauth.erl
index 1d26798b0..2e812d758 100644
--- a/src/ejabberd_oauth.erl
+++ b/src/ejabberd_oauth.erl
@@ -65,6 +65,7 @@
 -callback init() -> any().
 -callback store(#oauth_token{}) -> ok | {error, any()}.
 -callback lookup(binary()) -> {ok, #oauth_token{}} | error.
+-callback revoke(binary()) -> ok | {error, binary()}.
 -callback clean(non_neg_integer()) -> any().
 
 -record(oauth_ctx, {
@@ -99,12 +100,12 @@ get_commands_spec() ->
                         result = {tokens, {list, {token, {tuple, [{token, string}, {user, string}, {scope, string}, {expires_in, string}]}}}}
                        },
      #ejabberd_commands{name = oauth_revoke_token, tags = [oauth],
-                        desc = "Revoke authorization for a token (only Mnesia)",
+                        desc = "Revoke authorization for a token",
                         module = ?MODULE, function = oauth_revoke_token,
-                        args = [{token, string}],
+                        args = [{token, binary}],
                         policy = restricted,
-                        result = {tokens, {list, {token, {tuple, [{token, string}, {user, string}, {scope, string}, {expires_in, string}]}}}},
-                        result_desc = "List of remaining tokens"
+                        result = {res, restuple},
+                        result_desc = "Result code"
                        },
      #ejabberd_commands{name = oauth_add_client_password, tags = [oauth],
                         desc = "Add OAUTH client_id with password grant type",
@@ -160,8 +161,15 @@ oauth_list_tokens() ->
 
 
 oauth_revoke_token(Token) ->
-    ok = mnesia:dirty_delete(oauth_token, list_to_binary(Token)),
-    oauth_list_tokens().
+    DBMod = get_db_backend(),
+    case DBMod:revoke(Token) of
+        ok ->
+            ets_cache:delete(oauth_cache, Token,
+                             ejabberd_cluster:get_nodes()),
+            {ok, ""};
+        Other ->
+            Other
+    end.
 
 oauth_add_client_password(ClientID, ClientName, Secret) ->
     DBMod = get_db_backend(),
diff --git a/src/ejabberd_oauth_mnesia.erl b/src/ejabberd_oauth_mnesia.erl
index 8bb2efba7..f4060702e 100644
--- a/src/ejabberd_oauth_mnesia.erl
+++ b/src/ejabberd_oauth_mnesia.erl
@@ -28,13 +28,13 @@
 -behaviour(ejabberd_oauth).
 
 -export([init/0,
-         store/1,
-         lookup/1,
-         clean/1,
-         lookup_client/1,
-         store_client/1,
-         remove_client/1,
-	 use_cache/0]).
+	 store/1,
+	 lookup/1,
+	 clean/1,
+	 lookup_client/1,
+	 store_client/1,
+	 remove_client/1,
+	 use_cache/0, revoke/1]).
 
 -include("ejabberd_oauth.hrl").
 
@@ -68,6 +68,11 @@ lookup(Token) ->
             error
     end.
 
+
+-spec revoke(binary()) -> ok | error.
+revoke(Token) ->
+    mnesia:dirty_delete(oauth_token, Token).
+
 clean(TS) ->
     F = fun() ->
 		Ts = mnesia:select(
diff --git a/src/ejabberd_oauth_rest.erl b/src/ejabberd_oauth_rest.erl
index 9182ec256..a170826fb 100644
--- a/src/ejabberd_oauth_rest.erl
+++ b/src/ejabberd_oauth_rest.erl
@@ -32,7 +32,7 @@
          lookup/1,
          clean/1,
          lookup_client/1,
-         store_client/1]).
+         store_client/1, revoke/1]).
 
 -include("ejabberd_oauth.hrl").
 -include("logger.hrl").
@@ -87,6 +87,10 @@ lookup(Token) ->
 	    end
     end.
 
+-spec revoke(binary()) -> ok | {error, binary()}.
+revoke(_Token) ->
+    {error, <<"not available">>}.
+
 clean(_TS) ->
     ok.
 
diff --git a/src/ejabberd_oauth_sql.erl b/src/ejabberd_oauth_sql.erl
index 89dcc590c..b73f56b78 100644
--- a/src/ejabberd_oauth_sql.erl
+++ b/src/ejabberd_oauth_sql.erl
@@ -28,12 +28,12 @@
 -behaviour(ejabberd_oauth).
 
 -export([init/0,
-         store/1,
-         lookup/1,
-         clean/1,
-         lookup_client/1,
-         store_client/1,
-         remove_client/1]).
+	 store/1,
+	 lookup/1,
+	 clean/1,
+	 lookup_client/1,
+	 store_client/1,
+	 remove_client/1, revoke/1]).
 
 -include("ejabberd_oauth.hrl").
 -include("ejabberd_sql_pt.hrl").
@@ -78,6 +78,16 @@ lookup(Token) ->
             error
     end.
 
+revoke(Token) ->
+    case ejabberd_sql:sql_query(
+	ejabberd_config:get_myname(),
+	?SQL("delete from oauth_token where token=%(Token)s")) of
+	{error, _} ->
+	    {error, <<"db error">>};
+	_ ->
+	    ok
+    end.
+
 clean(TS) ->
     ejabberd_sql:sql_query(
       ejabberd_config:get_myname(),
author	Paweł Chmielowski <pawel@process-one.net>	2022-04-20 19:07:46 +0200
committer	Paweł Chmielowski <pawel@process-one.net>	2022-04-20 19:07:52 +0200
commit	e59043db2cd8775dd4cf4c1c277b2eb1ec7846e0 (patch)
tree	f975302e846d942750b8bcf9f413f0ae08b0b14b /src
parent	Clarify mod_offline's use_mam_for_storage option (diff)