WebAuth: Delete request after expiry

The commit adds support to delete a request after it expires.
hexpm · Oct 13, 2021 · 9a00b28 · 9a00b28
1 parent 179d89c
commit 9a00b28
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/lib/hexpm/web_auth.ex b/lib/hexpm/web_auth.ex
@@ -147,6 +147,11 @@ defmodule Hexpm.WebAuth do
     {:reply, state, state}
   end
 
+  @impl GenServer
+  def handle_info({:delete_request, device_code}, state) do
+    {:noreply, delete_request(device_code, state)}
+  end
+
   # Helper functions
 
   defp code(scope, server, state) do
@@ -180,6 +185,12 @@ defmodule Hexpm.WebAuth do
     {response, %{state | requests: [request | state.requests]}}
   end
 
+  defp delete_request(device_code, state) do
+    requests = Enum.reject(state.requests, fn x -> x.device_code == device_code end)
+
+    %{state | requests: requests}
+  end
+
   defp submit(user, user_code, audit, state) do
     request = Enum.find(state.requests, fn x -> x.user_code == user_code end)
     scope = request.scope

diff --git a/test/hexpm/web_auth_test.exs b/test/hexpm/web_auth_test.exs
@@ -39,6 +39,25 @@ defmodule Hexpm.WebAuthTest do
     end
   end
 
+  test "deletes request after `verification_expires_in` seconds", c do
+    start_supervised!({WebAuth, name: c.test, verification_expires_in: 0})
+
+    c =
+      c
+      |> login
+      |> get_code
+
+    audit_data = audit_data(c.user)
+
+    params = %{
+      "user" => c.user,
+      "user_code" => c.request.user_code,
+      "audit" => audit_data
+    }
+
+    assert WebAuth.submit_code(c.test, params) == {:error, "invalid user_code"}
+  end
+
   describe "submit/2" do
     setup [:start_server, :allow_db, :login, :get_code]