Fixes #37936 - Invalidate jwt for any user or users(API) #10397
base: develop
Conversation
```ruby
end
end

api :DELETE, '/users/:id/registration_tokens', N_("Invalidate all JSON Web Tokens (JWTs) for a specific user.")
```
Suggested change:
```diff
-api :DELETE, '/users/:id/registration_tokens', N_("Invalidate all JSON Web Tokens (JWTs) for a specific user.")
+api :DELETE, '/users/:id/registration_tokens', N_("Invalidate all registration tokens for a specific user.")
```
Branch force-pushed from 28cdc1b to 85928e7.
```ruby
class Api::V2::RegistrationTokensControllerTest < ActionController::TestCase
  test 'user shall invalidate tokens for self' do
    user = User.create :login => "foo", :mail => "[email protected]", :auth_source => auth_sources(:one)
```
You can use `FactoryBot.create(:user)` here.
```ruby
class Api::V2::RegistrationTokensControllerTest < ActionController::TestCase
  test 'user shall invalidate tokens for self' do
    user = User.create :login => "foo", :mail => "[email protected]", :auth_source => auth_sources(:one)
    FactoryBot.build(:jwt_secret, token: 'test_jwt_secret', user: user)
```
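Review bot: on the last line, `FactoryBot.build(:jwt_secret, ...)` only instantiates the record and never saves it, so there is nothing persisted for the DELETE to destroy and this test cannot exercise the invalidation path; use `FactoryBot.create(:jwt_secret, ...)` (or create the secret together with the user) and, after the request, assert that `user.reload.jwt_secret` is nil so that a silent no-op in the controller fails the test instead of passing it.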
You probably want to create the token as part of the user creation, and use the `create` method, to make sure the token is saved before the action.
```ruby
end

def find_resource(permission = :view_users)
  editing_self? ? User.find(User.current.id) : User.authorized(permission).except_hidden.find(params[:id])
```
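Review bot: `find_resource` defaults `permission` to `:view_users`, but the only thing this controller does is destroy a user's signing secret, so the DELETE action should pass an edit-level permission explicitly rather than inherit a view default; also, the `editing_self?` branch bypasses `User.authorized(permission)` (and `except_hidden`) entirely, so confirm that the self case is the only one meant to skip the permission check.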
@ekohl what do you think, should we block changes to hidden accounts here?
@girijaasoni In the UI PR, we used the term
@nofaralfasi, we can handle that in the documentation. Registration tokens make more sense from the user's POV (especially from the API POV), as we are creating a new controller. For the UI, we are trying to use the existing controller, where JWT is used as the phrasing.
Branch force-pushed from 8858b6c to 6d841de.
```ruby
  raise ::Foreman::Exception.new(N_("No record found for %s"), params[:id])
end
@user.jwt_secret&.destroy
process_success _('Successfully invalidated JWTs for %s.' % @user.login)
```
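Review bot: on the last line, `_('Successfully invalidated JWTs for %s.' % @user.login)` applies the `%` interpolation before calling `_()`, so the string handed to gettext already contains the login and will never match the extracted msgid; write `process_success _('Successfully invalidated JWTs for %s.') % @user.login` instead. The message also says "JWTs" while the route is `/users/:id/registration_tokens`, so settle on one term for the API description and this message. Note that `@user.jwt_secret&.destroy` reports success even when the user has no secret, which is acceptable for an idempotent DELETE but deserves a comment.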
@girijaasoni Can we add a newline here as well?
@girijaasoni Invalidating tokens for other users doesn't work for invalidating the self token. Can we fix that too?
Link to UI PR: #10357
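The security property this PR relies on with `@user.jwt_secret&.destroy` is that the per-user secret is the only thing that makes outstanding tokens verifiable, so removing it revokes every token issued under it at once, with no denylist to maintain. The stand-alone Ruby sketch below is an added illustration of that mechanism and is not code from this PR or from Foreman: `SecretStore`, `issue_token`, `verify_token` and `invalidation_demo` are hypothetical names, the JWT handling is a minimal HS256 implementation on the standard library rather than whatever Foreman uses, and it assumes (consistent with the `jwt_secret` model referenced in the diff) that each user's tokens are signed with that user's own secret.

```ruby
require 'json'
require 'base64'
require 'openssl'
require 'securerandom'

# Hypothetical in-memory stand-in for a per-user signing-secret table.
# It mirrors only the shape of a JwtSecret record, not Foreman's model.
class SecretStore
  def initialize
    @secrets = {}
  end

  # Mint the user's secret on first use, as a registration flow would.
  def secret_for(user_id)
    @secrets[user_id] ||= SecureRandom.hex(32)
  end

  def fetch(user_id)
    @secrets[user_id]
  end

  # Analogue of `@user.jwt_secret&.destroy`: drop the secret so every token
  # signed with it stops verifying. Returns true if a secret existed.
  def invalidate(user_id)
    !@secrets.delete(user_id).nil?
  end
end

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def b64url_decode(str)
  Base64.urlsafe_decode64(str)
end

# Constant-time byte comparison so the signature check does not leak via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Issue an HS256 JWT signed with the subject's per-user secret.
def issue_token(store, user_id, exp:)
  header  = b64url(JSON.generate({ alg: 'HS256', typ: 'JWT' }))
  payload = b64url(JSON.generate({ sub: user_id, exp: exp }))
  sig = OpenSSL::HMAC.digest('SHA256', store.secret_for(user_id), "#{header}.#{payload}")
  "#{header}.#{payload}.#{b64url(sig)}"
end

# Verify a token: read the (still unverified) `sub` claim to select the secret,
# refuse if that secret no longer exists, then check signature and expiry.
# Returns the user id on success, nil on any failure.
def verify_token(store, token, now:)
  parts = token.split('.')
  return nil unless parts.length == 3
  header  = JSON.parse(b64url_decode(parts[0]))
  payload = JSON.parse(b64url_decode(parts[1]))
  return nil unless header['alg'] == 'HS256'
  secret = store.fetch(payload['sub'])
  return nil if secret.nil? # secret destroyed: a well-formed token is still dead
  expected = OpenSSL::HMAC.digest('SHA256', secret, "#{parts[0]}.#{parts[1]}")
  return nil unless secure_equal?(expected, b64url_decode(parts[2]))
  return nil if payload['exp'].to_i <= now
  payload['sub']
rescue ArgumentError, JSON::ParserError
  nil
end

# Walk through issue -> verify -> invalidate -> verify -> re-register.
def invalidation_demo
  store = SecretStore.new
  now = 1_700_000_000 # constructed fixed clock for a deterministic run
  old_token = issue_token(store, 'alice', exp: now + 3600)
  before = verify_token(store, old_token, now: now)
  store.invalidate('alice')
  after = verify_token(store, old_token, now: now)
  # Re-registration mints a fresh secret: new tokens work, the old one stays dead.
  new_token = issue_token(store, 'alice', exp: now + 3600)
  {
    before: before,
    after: after,
    old_after_reissue: verify_token(store, old_token, now: now),
    fresh: verify_token(store, new_token, now: now),
  }
end

puts invalidation_demo.inspect if $PROGRAM_NAME == __FILE__
```

Because verification has to look up the secret by the unverified `sub` claim, the lookup itself is the revocation check: a token whose secret row is gone fails before any cryptography runs, and a token whose subject was re-registered fails on the signature because the new secret differs.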