remove user token after account is deleted or logged out

mullvad · Sep 12, 2023 · 68bedf0 · 68bedf0
1 parent b952fff
commit 68bedf0
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 2 deletions.
diff --git a/ios/MullvadREST/RESTAccessTokenManager.swift b/ios/MullvadREST/RESTAccessTokenManager.swift
@@ -62,5 +62,14 @@ extension REST {
 
             return operation
         }
+
+        func invalidateToken(for accountNumber: String) {
+            operationQueue.addOperation(AsyncBlockOperation(dispatchQueue: dispatchQueue) { [weak self] in
+                guard let self else {
+                    return
+                }
+                self.tokens.removeValue(forKey: accountNumber)
+            })
+        }
     }
 }
diff --git a/ios/MullvadREST/RESTAccountsProxy.swift b/ios/MullvadREST/RESTAccountsProxy.swift
@@ -94,6 +94,7 @@ extension REST {
             retryStrategy: RetryStrategy,
             completion: @escaping CompletionHandler<Void>
         ) -> Cancellable {
+            let accessTokenProvider = createAuthorizationProvider(accountNumber: accountNumber)
             let requestHandler = AnyRequestHandler(createURLRequest: { endpoint, authorization in
                 var requestBuilder = try self.requestFactory.createRequestBuilder(
                     endpoint: endpoint,
@@ -104,13 +105,14 @@ extension REST {
                 requestBuilder.addValue(accountNumber, forHTTPHeaderField: "Mullvad-Account-Number")
 
                 return requestBuilder.getRequest()
-            }, authorizationProvider: createAuthorizationProvider(accountNumber: accountNumber))
+            }, authorizationProvider: accessTokenProvider)
 
             let responseHandler = AnyResponseHandler { response, data -> ResponseHandlerResult<Void> in
                 let statusCode = HTTPStatus(rawValue: response.statusCode)
 
                 switch statusCode {
                 case let statusCode where statusCode.isSuccess:
+                    accessTokenProvider.invalidateToken()
                     return .success(())
                 default:
                     return .unhandledResponse(

diff --git a/ios/MullvadREST/RESTAuthorization.swift b/ios/MullvadREST/RESTAuthorization.swift
@@ -13,6 +13,7 @@ import Operations
 protocol RESTAuthorizationProvider {
     func getAuthorization(completion: @escaping (Result<REST.Authorization, Swift.Error>) -> Void)
         -> Cancellable
+    func invalidateToken()
 }
 
 extension REST {
@@ -37,6 +38,10 @@ extension REST {
                 })
             }
         }
+
+        func invalidateToken() {
+            accessTokenManager.invalidateToken(for: accountNumber)
+        }
     }
 }
 

diff --git a/ios/MullvadREST/RESTDevicesProxy.swift b/ios/MullvadREST/RESTDevicesProxy.swift
@@ -166,6 +166,8 @@ extension REST {
             retryStrategy: REST.RetryStrategy,
             completion: @escaping CompletionHandler<Bool>
         ) -> Cancellable {
+            let accessTokenProvider = createAuthorizationProvider(accountNumber: accountNumber)
+
             let requestHandler = AnyRequestHandler(
                 createURLRequest: { endpoint, authorization in
                     var path: URLPathTemplate = "devices/{id}"
@@ -187,7 +189,7 @@ extension REST {
 
                     return requestBuilder.getRequest()
                 },
-                authorizationProvider: createAuthorizationProvider(accountNumber: accountNumber)
+                authorizationProvider: accessTokenProvider
             )
 
             let responseHandler =
@@ -196,6 +198,7 @@ extension REST {
 
                     switch statusCode {
                     case let statusCode where statusCode.isSuccess:
+                        accessTokenProvider.invalidateToken()
                         return .success(true)
 
                     case .notFound: