revoke all refresh tokens and use all authorization codes for user

2023-03-18 22:03:03 +01:00 · 2023-03-18 22:03:03 +01:00 · 009b8664fd
commit 009b8664fd
parent 5100aa1b4e
11 changed files with 94 additions and 8 deletions
--- a/crates/database/queries/authorization_codes/use_all_for_user.sql
+++ b/crates/database/queries/authorization_codes/use_all_for_user.sql
@ -0,0 +1,6 @@
+update authorization_codes
+
+set used_at = CURRENT_TIMESTAMP
+
+where user is ?
+  and used_at is null
--- a/crates/database/queries/refresh_tokens/revoke_all_for_user.sql
+++ b/crates/database/queries/refresh_tokens/revoke_all_for_user.sql
@ -0,0 +1,6 @@
+update refresh_tokens
+
+set revoked_at = CURRENT_TIMESTAMP
+
+where user is ?
+  and revoked_at is null
--- a/crates/database/sqlx-data.json
+++ b/crates/database/sqlx-data.json
@ -474,6 +474,16 @@
    },
    "query": "select id,\n       created_at  as \"created_at: DateTime<Utc>\",\n       updated_at  as \"updated_at: DateTime<Utc>\",\n       is_admin    as \"is_admin: bool\",\n       username,\n       name,\n       email,\n       password,\n       password_recover,\n       paper_key,\n       is_archived as \"is_archived: bool\"\nfrom users\n\nwhere username is (?)\n"
  },
+  "c00e5fce25caebdeeb24db20880e6c2210f583cddb0d478075f78124258712dd": {
+    "describe": {
+      "columns": [],
+      "nullable": [],
+      "parameters": {
+        "Right": 1
+      }
+    },
+    "query": "update refresh_tokens\n\nset revoked_at = CURRENT_TIMESTAMP\n\nwhere user is ?\n  and revoked_at is null"
+  },
  "c5a57c971d07532ec0cc897b5ac06e0814e506f9c24647d1eaf44174dc0a5954": {
    "describe": {
      "columns": [
@ -832,6 +842,16 @@
    },
    "query": "select id,\n       created_at      as \"created_at: DateTime<Utc>\",\n       updated_at      as \"updated_at: DateTime<Utc>\",\n       label,\n       redirect_uri,\n       secret,\n       is_confidential as \"is_confidential: bool\",\n       is_archived     as \"is_archived: bool\"\nfrom apps\n\nwhere id is (?)\n  and redirect_uri is (?)\n  and is_archived is 0\n"
  },
+  "ebe28f418d28303b2efe1fe192a63538d29d75c57b67d5eac1ac4ceaa1472a5c": {
+    "describe": {
+      "columns": [],
+      "nullable": [],
+      "parameters": {
+        "Right": 1
+      }
+    },
+    "query": "update authorization_codes\n\nset used_at = CURRENT_TIMESTAMP\n\nwhere user is ?\n  and used_at is null"
+  },
  "ed27954feb3e21b5c519ccd0312526e68fb3d88a1feb28bdafb414e990da55e8": {
    "describe": {
      "columns": [],
--- a/crates/database/src/tables/authorization_codes.rs
+++ b/crates/database/src/tables/authorization_codes.rs
@ -54,4 +54,17 @@ impl AuthorizationCodes {

        Ok((query.rows_affected() == 1).then_some(()))
    }
+
+    pub async fn use_all_for_user(
+        conn: impl SqliteExecutor<'_>,
+        user: &str,
+    ) -> Result<Option<()>, Error> {
+        let query: SqliteQueryResult =
+            sqlx::query_file!("queries/authorization_codes/use_all_for_user.sql", user)
+                .execute(conn)
+                .await
+                .map_err(handle_error)?;
+
+        Ok((query.rows_affected() >= 1).then_some(()))
+    }
 }
--- a/crates/database/src/tables/refresh_tokens.rs
+++ b/crates/database/src/tables/refresh_tokens.rs
@ -58,4 +58,17 @@ impl RefreshTokens {

        Ok((query.rows_affected() == 1).then_some(()))
    }
+
+    pub async fn revoke_all_for_user(
+        conn: impl SqliteExecutor<'_>,
+        user: &str,
+    ) -> Result<Option<()>, Error> {
+        let query: SqliteQueryResult =
+            sqlx::query_file!("queries/refresh_tokens/revoke_all_for_user.sql", user)
+                .execute(conn)
+                .await
+                .map_err(handle_error)?;
+
+        Ok((query.rows_affected() >= 1).then_some(()))
+    }
 }