Feat/delete users tokens #116
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…-modules The .yarnrc.yml file is added with the nodeLinker configuration set to node-modules. This configuration specifies that Yarn should use the "node-modules" linker for managing dependencies.
…refresh tokens The revoke method is added to the AuthService in order to provide functionality for revoking refresh tokens. It takes an optional parameter which can be either userId or email. If userId is provided, the refreshToken field of the user with that userId is set to null. If email is provided, the refreshToken field of the user with that email is set to null. If neither userId nor email is provided, a NotFoundException is thrown with a message indicating that the user was not found. This method is useful for implementing a logout functionality where the refresh token is invalidated.
…'s refresh token feat(auth.controller.ts): add revoke endpoint to allow revoking user's refresh token with a valid user id The revoke endpoint is added to the AuthController to allow revoking a user's refresh token. This endpoint requires a valid user id and removes the user's refresh token. It is protected by the RolesGuard and can only be accessed by users with the "Admin" role. The endpoint returns a success response if the refresh token is successfully revoked. If the user is not found, a NotFoundErrorResponse is returned. If the user doesn't have permission to perform the operation, a ForbiddenErrorResponse is returned.
…erties The RevokeRTDTo class is added to the auth/dto directory. It includes two properties: userId and email. The userId property is optional and represents the user ID, while the email property is a string with an example value of "elza59@ethereal.email". This class is used for data transfer objects related to revoking user access.
…ality This commit adds tests for the new functionality of revoking a refresh token. The tests cover scenarios where the refresh token is successfully revoked, where the email is invalid, and where the user is not permitted to revoke the token. These tests ensure that the revoking of refresh tokens is working correctly and that the appropriate responses are returned based on the different scenarios.
… method The console.log statement in the revoke method has been removed as it was not providing any useful information and was unnecessary for the functionality of the method.
…operties for better validation flexibility The IsOptional decorator has been added to the userId and email properties in the RevokeRTDTo class. This allows these properties to be optional during validation, providing better flexibility in the validation process.
➤ YN0002: │ chingu-dashboard-be@workspace:. doesn't provide express (pa980d), requested by swagger-ui-express ➤ YN0002: │ chingu-dashboard-be@workspace:. doesn't provide webpack (p8e44a), requested by ts-loader ➤ YN0000: │ Some peer dependencies are incorrectly met; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code ➤ YN0000: └ Completed in 0s 290ms ➤ YN0000: ┌ Fetch step ➤ YN0000: └ Completed in 0s 315ms ➤ YN0000: ┌ Link step ➤ YN0000: └ Completed in 0s 442ms ➤ YN0000: Done with warnings in 1s 178ms after updating branch with branch
…token from revoke The filename change was for easier readability and two more class validator were added to the properties: userId and email
…t to the correct file refactor(auth.controller.ts): rename revoke method parameter from revokeTRDTo to body for clarity refactor(auth.controller.ts): rename revoke method to revokeRefreshToken for clarity The import statement for the RevokeRTDTo DTO has been fixed to point to the correct file. The parameter name of the revoke method has been changed from revokeTRDTo to body for clarity. Additionally, the method name has been changed to revokeRefreshToken to better reflect its purpose.
… and add validation for userId and email parameters The revoke method in the AuthService class has been renamed to revokeRefreshToken to better reflect its purpose. Additionally, the method now includes validation to ensure that either the userId or email parameter is provided, but not both. If both parameters are provided, a BadRequestException is thrown with an appropriate error message. This change improves the clarity and reliability of the code.
…en email and user id are provided The new test case checks if a 400 status code is returned when both an email and user id are provided. This is to ensure that the server handles this scenario correctly and denies access.
timDeHof
requested review from
cherylli,
JoshuaHinman,
siasktv,
Piero7210 and
curtwl
…-dashboard-be into feat/delete-users-tokens
cherylli
requested changes
Mar 8, 2024
…ame in revoke method The import statement for the RevokeRTDto was incorrect, it was importing RevokeRTDTo instead. The parameter name in the revoke method was also incorrect, it was using RevokeRTDTo instead of RevokeRTDto. This commit fixes these typos to ensure the correct import and parameter name are used.
…TDTo to RevokeRTDto for consistency and clarity The class name has been corrected from RevokeRTDTo to RevokeRTDto to improve consistency and clarity in the codebase.
The RolesGuard import and usage in the auth.controller.ts file have been removed as it is no longer needed. This improves code cleanliness and removes unnecessary dependencies.
…r a user The new test checks if the refresh token is null for a specific user. This is important to ensure that the refresh token is properly set to null when it should be.
cherylli
requested changes
Mar 11, 2024
There was a problem hiding this comment.
I think this is not accurate, since we can either use email or userID, maybe it should be auth/refresh/revoke or auth/revoke-refresh-token
You can look at this for reference https://restfulapi.net/resource-naming/
I got this when user is not found in the database, it's not very descriptive
200 - delete token successful works, but there's no response message
… revoke refresh token endpoint feat(auth.controller.ts): add response message and status code to the revoke refresh token endpoint The summary and description of the revoke refresh token endpoint have been improved to clarify that only admins can perform this action and that the user's id or email can be used to revoke the refresh token. Additionally, a response message and status code have been added to provide feedback to the client after the refresh token has been successfully revoked.
…n for non-existent user Error handling has been added to handle the case when the user specified by or does not exist, throwing a with an appropriate error message.
…h/userId" to "/auth/refresh/revoke" for better clarity and consistency The revokeRTUrl endpoint has been updated to "/auth/refresh/revoke" to provide a more descriptive and consistent naming convention. This change improves the readability and maintainability of the code.
|
updates:
|
cherylli
previously approved these changes
Mar 12, 2024
Co-authored-by: Cheryl M <webmaster@cherylli.com>
Co-authored-by: Cheryl M <webmaster@cherylli.com>
cherylli
approved these changes
Mar 13, 2024
JoshuaHinman
approved these changes
Mar 14, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR adds a DELETE endpoint to auth services that will revoke an user's refresh token when given a user's id or email.This endpoint has role guard attached so that only users with admin role can initiate the endpoint.
Also this PR tests the new functionality of revoking a refresh token. The tests cover scenarios where the refresh token is successfully revoked, where the email is invalid, and where the user is not permitted to revoke the token. These tests ensure that the revoking of refresh tokens is working correctly and that the appropriate responses are returned based on the different scenarios.
In addition, swagger UI api has been updated to allow for users to test the new endpoint.
Issue link
Fixes # (issue) "Create endpoint to revoke refresh token" from trello
Type of change
How Has This Been Tested?
You can run
yarn test:e2eoryarn test:e2e:docker, then look forauth.e2e-spec.tsto pass.Checklist: