
package handlers
import (
	"errors"
	"net/http"
	"strings"

	"github.com/gin-gonic/gin"
	log "github.com/sirupsen/logrus"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/memorystore"
	"github.com/authorizerdev/authorizer/server/token"
)
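// RevokeRefreshTokenHandler handler to revoke refresh token.
//
// The request body is a JSON object carrying "refresh_token" and "client_id".
// The client id must equal the configured client id and the refresh token must
// parse as a JWT with string "sub" and "nonce" claims (and an optional string
// "login_method" claim); the matching user session is then deleted from the
// memory store. Every rejection is reported as HTTP 400 with an "error" code
// and an "error_description".
func RevokeRefreshTokenHandler() gin.HandlerFunc {
	return func(gc *gin.Context) {
		var reqBody map[string]string
		if err := gc.BindJSON(&reqBody); err != nil {
			log.Debug("Error binding JSON: ", err)
			gc.JSON(http.StatusBadRequest, gin.H{
				"error":             "error_binding_json",
				"error_description": err.Error(),
			})
			return
		}

		refreshToken := strings.TrimSpace(reqBody["refresh_token"])
		clientID := strings.TrimSpace(reqBody["client_id"])
		if clientID == "" {
			log.Debug("Client ID is empty")
			gc.JSON(http.StatusBadRequest, gin.H{
				"error":             "client_id_required",
				"error_description": "The client id is required",
			})
			return
		}

		// Only the configured client id is accepted; a failed store lookup is
		// treated exactly like a mismatch so that no token can be revoked
		// without a known client.
		client, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID)
		if err != nil || client != clientID {
			log.Debug("Client ID is invalid: ", clientID)
			gc.JSON(http.StatusBadRequest, gin.H{
				"error":             "invalid_client_id",
				"error_description": "The client id is invalid",
			})
			return
		}

		// NOTE(review): nothing in this handler distinguishes a refresh token
		// from any other JWT the parser accepts — confirm that ParseJWTToken
		// (or a claim it enforces) restricts this to refresh tokens.
		claims, err := token.ParseJWTToken(refreshToken)
		if err != nil {
			log.Debug("Error parsing refresh token: ", err)
			gc.JSON(http.StatusBadRequest, gin.H{
				"error":             err.Error(),
				"error_description": "Failed to parse jwt",
			})
			return
		}

		// The claims come from the request body; unchecked type assertions on
		// them would let a malformed token panic the handler, so every claim
		// is validated before use.
		sessionKey, nonce, err := sessionKeyFromClaims(claims)
		if err != nil {
			log.Debug("Invalid refresh token claims: ", err)
			gc.JSON(http.StatusBadRequest, gin.H{
				"error":             "invalid_token",
				"error_description": err.Error(),
			})
			return
		}

		// NOTE(review): the result of DeleteUserSession (if it returns one) is
		// not checked — confirm its signature and whether a failed delete
		// should still answer with success.
		memorystore.Provider.DeleteUserSession(sessionKey, nonce)
		gc.JSON(http.StatusOK, gin.H{
			"message": "Token revoked successfully",
		})
	}
}

// sessionKeyFromClaims derives the session store key ("<login_method>:<sub>",
// or just "<sub>" when no login method is present) and the nonce from parsed
// token claims.
//
// It returns an error when "sub" or "nonce" is missing, empty or not a string,
// or when "login_method" is present but not a string. Claims are never
// type-asserted without a check, so malformed input cannot panic.
func sessionKeyFromClaims(claims map[string]interface{}) (sessionKey, nonce string, err error) {
	userID, ok := claims["sub"].(string)
	if !ok || userID == "" {
		return "", "", errors.New("missing or invalid sub claim")
	}

	nonce, ok = claims["nonce"].(string)
	if !ok || nonce == "" {
		return "", "", errors.New("missing or invalid nonce claim")
	}

	sessionKey = userID
	if raw, present := claims["login_method"]; present && raw != nil {
		loginMethod, isString := raw.(string)
		if !isString {
			return "", "", errors.New("invalid login_method claim")
		}
		// An empty login method keys the session by user id alone.
		if loginMethod != "" {
			sessionKey = loginMethod + ":" + userID
		}
	}
	return sessionKey, nonce, nil
}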