263 role = role; |
263 role = role; |
264 }; |
264 }; |
265 end |
265 end |
266 |
266 |
267 function revoke_token(token) |
267 function revoke_token(token) |
268 local token_id, token_user, token_host = parse_token(token); |
268 local grant_id, token_user, token_host, token_secret = parse_token(token); |
269 if not token_id then |
269 if not grant_id then |
270 module:log("warn", "Failed to verify access token: %s", token_user); |
270 module:log("warn", "Failed to verify access token: %s", token_user); |
271 return nil, "invalid-token-format"; |
271 return nil, "invalid-token-format"; |
272 end |
272 end |
273 if token_host ~= module.host then |
273 if token_host ~= module.host then |
274 return nil, "invalid-host"; |
274 return nil, "invalid-host"; |
275 end |
275 end |
276 local ok, err = token_store:set_key(token_user, token_id, nil); |
276 local grant, err = _get_validated_grant_info(token_user, grant_id); |
|
277 if not grant then return grant, err; end |
|
278 local secret_hash = "sha256:"..hashes.sha256(token_secret, true); |
|
279 local token_info = grant.tokens[secret_hash]; |
|
280 if not grant or not token_info then |
|
281 return nil, "item-not-found"; |
|
282 end |
|
283 grant.tokens[secret_hash] = nil; |
|
284 local ok, err = token_store:set_key(token_user, grant_id, grant); |
277 if not ok then |
285 if not ok then |
278 return nil, err; |
286 return nil, err; |
279 end |
287 end |
280 module:fire_event("token-grant-revoked", { id = token_id, username = token_user, host = token_host }); |
288 module:fire_event("token-revoked", { |
|
289 grant_id = grant_id; |
|
290 grant = grant; |
|
291 info = token_info; |
|
292 username = token_user; |
|
293 host = token_host; |
|
294 }); |
281 return true; |
295 return true; |
282 end |
296 end |
283 |
297 |
284 function revoke_grant(username, grant_id) |
298 function revoke_grant(username, grant_id) |
285 local ok, err = token_store:set_key(username, grant_id, nil); |
299 local ok, err = token_store:set_key(username, grant_id, nil); |