diff --git a/consent/doc.go b/consent/doc.go index eec38a51c94..cd3023fb9b3 100644 --- a/consent/doc.go +++ b/consent/doc.go @@ -76,6 +76,14 @@ type swaggerRevokeAuthenticationSessionPayload struct { Subject string `json:"subject"` } +// swagger:parameters revokeAuthenticationSessionById +type swaggerRevokeAuthenticationSessionById struct { + // The id of the desired grant + // in: path + // required: true + ID string `json:"id"` +} + // swagger:parameters acceptLoginRequest type swaggerAcceptLoginRequest struct { // in: query diff --git a/consent/handler.go b/consent/handler.go index 78a5897d5da..f68be92c9de 100644 --- a/consent/handler.go +++ b/consent/handler.go @@ -70,7 +70,8 @@ func (h *Handler) SetRoutes(admin *x.RouterAdmin) { admin.PUT(ConsentPath+"/accept", h.AcceptConsentRequest) admin.PUT(ConsentPath+"/reject", h.RejectConsentRequest) - admin.DELETE(SessionsPath+"/login", h.DeleteLoginSession) + admin.DELETE(SessionsPath+"/login/:id", h.DeleteLoginSessionBySessionId) + admin.DELETE(SessionsPath+"/login", h.DeleteLoginSessionBySubject) admin.GET(SessionsPath+"/consent", h.GetConsentSessions) admin.DELETE(SessionsPath+"/consent", h.DeleteConsentSession) @@ -189,6 +190,43 @@ func (h *Handler) GetConsentSessions(w http.ResponseWriter, r *http.Request, ps h.r.Writer().Write(w, r, a) } +// swagger:route DELETE /oauth2/auth/sessions/login/{id} admin revokeAuthenticationSessionById +// +// Invalidates an Authentication Session +// +// This endpoint invalidates an authentication session by session id. After revoking the authentication session, the +// subject has to re-authenticate at ORY Hydra for this device/browser. This endpoint does not invalidate any tokens +// and does not work with OpenID Connect Front- or Back-channel logout. +// +// +// Consumes: +// - application/json +// +// Produces: +// - application/json +// +// Schemes: http, https +// +// Responses: +// 204: emptyResponse +// 400: jsonError +// 500: jsonError +func (h *Handler) DeleteLoginSessionBySessionId(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { + var loginSessionId = ps.ByName("id") + + if loginSessionId == "" { + h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrInvalidRequest.WithHint(`Path parameter 'id' is not defined but should have been.`))) + return + } + + if err := h.r.ConsentManager().DeleteLoginSession(r.Context(), loginSessionId); err != nil && !errors.Is(err, x.ErrNotFound) { + h.r.Writer().WriteError(w, r, err) + return + } + + w.WriteHeader(http.StatusNoContent) +} + // swagger:route DELETE /oauth2/auth/sessions/login admin revokeAuthenticationSession // // Invalidates All Login Sessions of a Certain User @@ -211,7 +249,7 @@ func (h *Handler) GetConsentSessions(w http.ResponseWriter, r *http.Request, ps // 204: emptyResponse // 400: jsonError // 500: jsonError -func (h *Handler) DeleteLoginSession(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { +func (h *Handler) DeleteLoginSessionBySubject(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { subject := r.URL.Query().Get("subject") if subject == "" { h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrInvalidRequest.WithHint(`Query parameter 'subject' is not defined but should have been.`))) diff --git a/consent/handler_test.go b/consent/handler_test.go index 60fa873b1df..404a3f50a27 100644 --- a/consent/handler_test.go +++ b/consent/handler_test.go @@ -27,6 +27,11 @@ import ( "net/http" "net/http/httptest" "testing" + "time" + + "github.com/pborman/uuid" + + "github.com/ory/x/sqlxx" "github.com/ory/hydra/x" @@ -213,3 +218,84 @@ func TestGetConsentRequest(t *testing.T) { }) } } + +func TestDeleteLoginSessionBySessionId(t *testing.T) { + conf := internal.NewConfigurationWithDefaults() + reg := internal.NewRegistryMemory(t, conf) + loginSession1 := uuid.NewUUID().String() + require.NoError(t, reg.ConsentManager().CreateLoginSession(context.Background(), &LoginSession{ + ID: loginSession1, + AuthenticatedAt: sqlxx.NullTime(time.Now().Round(time.Second).UTC()), + Subject: "subject1", + Remember: true, + })) + loginSession2 := uuid.NewUUID().String() + require.NoError(t, reg.ConsentManager().CreateLoginSession(context.Background(), &LoginSession{ + ID: loginSession2, + AuthenticatedAt: sqlxx.NullTime(time.Now().Round(time.Second).UTC()), + Subject: "subject1", + Remember: true, + })) + h := NewHandler(reg, conf) + r := x.NewRouterAdmin() + h.SetRoutes(r) + ts := httptest.NewServer(r) + defer ts.Close() + _, err := reg.ConsentManager().GetRememberedLoginSession(context.Background(), loginSession1) + require.NoError(t, err) + _, err = reg.ConsentManager().GetRememberedLoginSession(context.Background(), loginSession2) + require.NoError(t, err) + c := &http.Client{} + + req, err := http.NewRequest("DELETE", ts.URL+SessionsPath+"/login/"+loginSession1, nil) + + require.NoError(t, err) + resp, err := c.Do(req) + require.NoError(t, err) + require.EqualValues(t, http.StatusNoContent, resp.StatusCode) + _, err = reg.ConsentManager().GetRememberedLoginSession(context.Background(), loginSession1) + require.EqualError(t, err, x.ErrNotFound.Error()) + _, err = reg.ConsentManager().GetRememberedLoginSession(context.Background(), loginSession2) + require.NoError(t, err) +} + +func TestDeleteLoginSessionBySubject(t *testing.T) { + conf := internal.NewConfigurationWithDefaults() + reg := internal.NewRegistryMemory(t, conf) + subject := "subject1" + loginSession1 := uuid.NewUUID().String() + require.NoError(t, reg.ConsentManager().CreateLoginSession(context.Background(), &LoginSession{ + ID: loginSession1, + AuthenticatedAt: sqlxx.NullTime(time.Now().Round(time.Second).UTC()), + Subject: subject, + Remember: true, + })) + loginSession2 := uuid.NewUUID().String() + require.NoError(t, reg.ConsentManager().CreateLoginSession(context.Background(), &LoginSession{ + ID: loginSession2, + AuthenticatedAt: sqlxx.NullTime(time.Now().Round(time.Second).UTC()), + Subject: subject, + Remember: true, + })) + h := NewHandler(reg, conf) + r := x.NewRouterAdmin() + h.SetRoutes(r) + ts := httptest.NewServer(r) + defer ts.Close() + _, err := reg.ConsentManager().GetRememberedLoginSession(context.Background(), loginSession1) + require.NoError(t, err) + _, err = reg.ConsentManager().GetRememberedLoginSession(context.Background(), loginSession2) + require.NoError(t, err) + c := &http.Client{} + + req, err := http.NewRequest("DELETE", ts.URL+SessionsPath+"/login?subject="+subject, nil) + + require.NoError(t, err) + resp, err := c.Do(req) + require.NoError(t, err) + require.EqualValues(t, http.StatusNoContent, resp.StatusCode) + _, err = reg.ConsentManager().GetRememberedLoginSession(context.Background(), loginSession1) + require.EqualError(t, err, x.ErrNotFound.Error()) + _, err = reg.ConsentManager().GetRememberedLoginSession(context.Background(), loginSession2) + require.EqualError(t, err, x.ErrNotFound.Error()) +} diff --git a/internal/httpclient-next/README.md b/internal/httpclient-next/README.md index 3cd0108247d..91bb45f41e1 100644 --- a/internal/httpclient-next/README.md +++ b/internal/httpclient-next/README.md @@ -106,6 +106,7 @@ Class | Method | HTTP request | Description *AdminApi* | [**RejectLoginRequest**](docs/AdminApi.md#rejectloginrequest) | **Put** /oauth2/auth/requests/login/reject | Reject a Login Request *AdminApi* | [**RejectLogoutRequest**](docs/AdminApi.md#rejectlogoutrequest) | **Put** /oauth2/auth/requests/logout/reject | Reject a Logout Request *AdminApi* | [**RevokeAuthenticationSession**](docs/AdminApi.md#revokeauthenticationsession) | **Delete** /oauth2/auth/sessions/login | Invalidates All Login Sessions of a Certain User Invalidates a Subject's Authentication Session +*AdminApi* | [**RevokeAuthenticationSessionById**](docs/AdminApi.md#revokeauthenticationsessionbyid) | **Delete** /oauth2/auth/sessions/login/{id} | Invalidates an Authentication Session *AdminApi* | [**RevokeConsentSessions**](docs/AdminApi.md#revokeconsentsessions) | **Delete** /oauth2/auth/sessions/consent | Revokes Consent Sessions of a Subject for a Specific OAuth 2.0 Client *AdminApi* | [**TrustJwtGrantIssuer**](docs/AdminApi.md#trustjwtgrantissuer) | **Post** /trust/grants/jwt-bearer/issuers | Trust an OAuth2 JWT Bearer Grant Type Issuer *AdminApi* | [**UpdateJsonWebKey**](docs/AdminApi.md#updatejsonwebkey) | **Put** /keys/{set}/{kid} | Update a JSON Web Key diff --git a/internal/httpclient-next/api/openapi.yaml b/internal/httpclient-next/api/openapi.yaml index 0f3a973cef9..c9ec17735a4 100644 --- a/internal/httpclient-next/api/openapi.yaml +++ b/internal/httpclient-next/api/openapi.yaml @@ -1493,6 +1493,42 @@ paths: Invalidates a Subject's Authentication Session tags: - admin + /oauth2/auth/sessions/login/{id}: + delete: + description: |- + This endpoint invalidates an authentication session by session id. After revoking the authentication session, the + subject has to re-authenticate at ORY Hydra for this device/browser. This endpoint does not invalidate any tokens + and does not work with OpenID Connect Front- or Back-channel logout. + operationId: revokeAuthenticationSessionById + parameters: + - description: The id of the desired grant + explode: false + in: path + name: id + required: true + schema: + type: string + style: simple + responses: + "204": + description: |- + Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is + typically 201. + "400": + content: + application/json: + schema: + $ref: '#/components/schemas/jsonError' + description: jsonError + "500": + content: + application/json: + schema: + $ref: '#/components/schemas/jsonError' + description: jsonError + summary: Invalidates an Authentication Session + tags: + - admin /oauth2/flush: post: description: |- diff --git a/internal/httpclient-next/api_admin.go b/internal/httpclient-next/api_admin.go index 74f67b0e568..d06a05bb788 100644 --- a/internal/httpclient-next/api_admin.go +++ b/internal/httpclient-next/api_admin.go @@ -535,6 +535,22 @@ type AdminApi interface { */ RevokeAuthenticationSessionExecute(r AdminApiApiRevokeAuthenticationSessionRequest) (*http.Response, error) + /* + * RevokeAuthenticationSessionById Invalidates an Authentication Session + * This endpoint invalidates an authentication session by session id. After revoking the authentication session, the + subject has to re-authenticate at ORY Hydra for this device/browser. This endpoint does not invalidate any tokens + and does not work with OpenID Connect Front- or Back-channel logout. + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id The id of the desired grant + * @return AdminApiApiRevokeAuthenticationSessionByIdRequest + */ + RevokeAuthenticationSessionById(ctx context.Context, id string) AdminApiApiRevokeAuthenticationSessionByIdRequest + + /* + * RevokeAuthenticationSessionByIdExecute executes the request + */ + RevokeAuthenticationSessionByIdExecute(r AdminApiApiRevokeAuthenticationSessionByIdRequest) (*http.Response, error) + /* * RevokeConsentSessions Revokes Consent Sessions of a Subject for a Specific OAuth 2.0 Client * This endpoint revokes a subject's granted consent sessions for a specific OAuth 2.0 Client and invalidates all @@ -4268,6 +4284,121 @@ func (a *AdminApiService) RevokeAuthenticationSessionExecute(r AdminApiApiRevoke return localVarHTTPResponse, nil } +type AdminApiApiRevokeAuthenticationSessionByIdRequest struct { + ctx context.Context + ApiService AdminApi + id string +} + +func (r AdminApiApiRevokeAuthenticationSessionByIdRequest) Execute() (*http.Response, error) { + return r.ApiService.RevokeAuthenticationSessionByIdExecute(r) +} + +/* + * RevokeAuthenticationSessionById Invalidates an Authentication Session + * This endpoint invalidates an authentication session by session id. After revoking the authentication session, the +subject has to re-authenticate at ORY Hydra for this device/browser. This endpoint does not invalidate any tokens +and does not work with OpenID Connect Front- or Back-channel logout. + * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + * @param id The id of the desired grant + * @return AdminApiApiRevokeAuthenticationSessionByIdRequest +*/ +func (a *AdminApiService) RevokeAuthenticationSessionById(ctx context.Context, id string) AdminApiApiRevokeAuthenticationSessionByIdRequest { + return AdminApiApiRevokeAuthenticationSessionByIdRequest{ + ApiService: a, + ctx: ctx, + id: id, + } +} + +/* + * Execute executes the request + */ +func (a *AdminApiService) RevokeAuthenticationSessionByIdExecute(r AdminApiApiRevokeAuthenticationSessionByIdRequest) (*http.Response, error) { + var ( + localVarHTTPMethod = http.MethodDelete + localVarPostBody interface{} + localVarFormFileName string + localVarFileName string + localVarFileBytes []byte + ) + + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "AdminApiService.RevokeAuthenticationSessionById") + if err != nil { + return nil, &GenericOpenAPIError{error: err.Error()} + } + + localVarPath := localBasePath + "/oauth2/auth/sessions/login/{id}" + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterToString(r.id, "")), -1) + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := url.Values{} + + // to determine the Content-Type header + localVarHTTPContentTypes := []string{} + + // set Content-Type header + localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) + if localVarHTTPContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHTTPContentType + } + + // to determine the Accept header + localVarHTTPHeaderAccepts := []string{"application/json"} + + // set Accept header + localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) + if localVarHTTPHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept + } + req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) + if err != nil { + return nil, err + } + + localVarHTTPResponse, err := a.client.callAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarHTTPResponse, err + } + + localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarHTTPResponse.Body.Close() + localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + if err != nil { + return localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: localVarHTTPResponse.Status, + } + if localVarHTTPResponse.StatusCode == 400 { + var v JsonError + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarHTTPResponse, newErr + } + newErr.model = v + return localVarHTTPResponse, newErr + } + if localVarHTTPResponse.StatusCode == 500 { + var v JsonError + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarHTTPResponse, newErr + } + newErr.model = v + } + return localVarHTTPResponse, newErr + } + + return localVarHTTPResponse, nil +} + type AdminApiApiRevokeConsentSessionsRequest struct { ctx context.Context ApiService AdminApi diff --git a/internal/httpclient-next/docs/AdminApi.md b/internal/httpclient-next/docs/AdminApi.md index d4df48e60fa..34b2e018cbf 100644 --- a/internal/httpclient-next/docs/AdminApi.md +++ b/internal/httpclient-next/docs/AdminApi.md @@ -31,6 +31,7 @@ Method | HTTP request | Description [**RejectLoginRequest**](AdminApi.md#RejectLoginRequest) | **Put** /oauth2/auth/requests/login/reject | Reject a Login Request [**RejectLogoutRequest**](AdminApi.md#RejectLogoutRequest) | **Put** /oauth2/auth/requests/logout/reject | Reject a Logout Request [**RevokeAuthenticationSession**](AdminApi.md#RevokeAuthenticationSession) | **Delete** /oauth2/auth/sessions/login | Invalidates All Login Sessions of a Certain User Invalidates a Subject's Authentication Session +[**RevokeAuthenticationSessionById**](AdminApi.md#RevokeAuthenticationSessionById) | **Delete** /oauth2/auth/sessions/login/{id} | Invalidates an Authentication Session [**RevokeConsentSessions**](AdminApi.md#RevokeConsentSessions) | **Delete** /oauth2/auth/sessions/consent | Revokes Consent Sessions of a Subject for a Specific OAuth 2.0 Client [**TrustJwtGrantIssuer**](AdminApi.md#TrustJwtGrantIssuer) | **Post** /trust/grants/jwt-bearer/issuers | Trust an OAuth2 JWT Bearer Grant Type Issuer [**UpdateJsonWebKey**](AdminApi.md#UpdateJsonWebKey) | **Put** /keys/{set}/{kid} | Update a JSON Web Key @@ -1877,6 +1878,74 @@ No authorization required [[Back to README]](../README.md) +## RevokeAuthenticationSessionById + +> RevokeAuthenticationSessionById(ctx, id).Execute() + +Invalidates an Authentication Session + + + +### Example + +```go +package main + +import ( + "context" + "fmt" + "os" + openapiclient "./openapi" +) + +func main() { + id := "id_example" // string | The id of the desired grant + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.AdminApi.RevokeAuthenticationSessionById(context.Background(), id).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `AdminApi.RevokeAuthenticationSessionById``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } +} +``` + +### Path Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- +**ctx** | **context.Context** | context for authentication, logging, cancellation, deadlines, tracing, etc. +**id** | **string** | The id of the desired grant | + +### Other Parameters + +Other parameters are passed through a pointer to a apiRevokeAuthenticationSessionByIdRequest struct via the builder pattern + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + + +### Return type + + (empty response body) + +### Authorization + +No authorization required + +### HTTP request headers + +- **Content-Type**: Not defined +- **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) +[[Back to Model list]](../README.md#documentation-for-models) +[[Back to README]](../README.md) + + ## RevokeConsentSessions > RevokeConsentSessions(ctx).Subject(subject).Client(client).All(all).Execute() diff --git a/internal/httpclient/client/admin/admin_client.go b/internal/httpclient/client/admin/admin_client.go index b02868e0814..a57cca7c2f0 100644 --- a/internal/httpclient/client/admin/admin_client.go +++ b/internal/httpclient/client/admin/admin_client.go @@ -88,6 +88,8 @@ type ClientService interface { RevokeAuthenticationSession(params *RevokeAuthenticationSessionParams, opts ...ClientOption) (*RevokeAuthenticationSessionNoContent, error) + RevokeAuthenticationSessionByID(params *RevokeAuthenticationSessionByIDParams, opts ...ClientOption) (*RevokeAuthenticationSessionByIDNoContent, error) + RevokeConsentSessions(params *RevokeConsentSessionsParams, opts ...ClientOption) (*RevokeConsentSessionsNoContent, error) TrustJwtGrantIssuer(params *TrustJwtGrantIssuerParams, opts ...ClientOption) (*TrustJwtGrantIssuerCreated, error) @@ -1392,6 +1394,48 @@ func (a *Client) RevokeAuthenticationSession(params *RevokeAuthenticationSession panic(msg) } +/* + RevokeAuthenticationSessionByID invalidates an authentication session + + This endpoint invalidates an authentication session by session id. After revoking the authentication session, the +subject has to re-authenticate at ORY Hydra for this device/browser. This endpoint does not invalidate any tokens +and does not work with OpenID Connect Front- or Back-channel logout. +*/ +func (a *Client) RevokeAuthenticationSessionByID(params *RevokeAuthenticationSessionByIDParams, opts ...ClientOption) (*RevokeAuthenticationSessionByIDNoContent, error) { + // TODO: Validate the params before sending + if params == nil { + params = NewRevokeAuthenticationSessionByIDParams() + } + op := &runtime.ClientOperation{ + ID: "revokeAuthenticationSessionById", + Method: "DELETE", + PathPattern: "/oauth2/auth/sessions/login/{id}", + ProducesMediaTypes: []string{"application/json"}, + ConsumesMediaTypes: []string{"application/json"}, + Schemes: []string{"http", "https"}, + Params: params, + Reader: &RevokeAuthenticationSessionByIDReader{formats: a.formats}, + Context: params.Context, + Client: params.HTTPClient, + } + for _, opt := range opts { + opt(op) + } + + result, err := a.transport.Submit(op) + if err != nil { + return nil, err + } + success, ok := result.(*RevokeAuthenticationSessionByIDNoContent) + if ok { + return success, nil + } + // unexpected success response + // safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue + msg := fmt.Sprintf("unexpected success response for revokeAuthenticationSessionById: API contract not enforced by server. Client expected to get an error, but got: %T", result) + panic(msg) +} + /* RevokeConsentSessions revokes consent sessions of a subject for a specific o auth 2 0 client diff --git a/internal/httpclient/client/admin/revoke_authentication_session_by_id_parameters.go b/internal/httpclient/client/admin/revoke_authentication_session_by_id_parameters.go new file mode 100644 index 00000000000..a500e08a117 --- /dev/null +++ b/internal/httpclient/client/admin/revoke_authentication_session_by_id_parameters.go @@ -0,0 +1,149 @@ +// Code generated by go-swagger; DO NOT EDIT. + +package admin + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "context" + "net/http" + "time" + + "github.com/go-openapi/errors" + "github.com/go-openapi/runtime" + cr "github.com/go-openapi/runtime/client" + "github.com/go-openapi/strfmt" +) + +// NewRevokeAuthenticationSessionByIDParams creates a new RevokeAuthenticationSessionByIDParams object, +// with the default timeout for this client. +// +// Default values are not hydrated, since defaults are normally applied by the API server side. +// +// To enforce default values in parameter, use SetDefaults or WithDefaults. +func NewRevokeAuthenticationSessionByIDParams() *RevokeAuthenticationSessionByIDParams { + return &RevokeAuthenticationSessionByIDParams{ + timeout: cr.DefaultTimeout, + } +} + +// NewRevokeAuthenticationSessionByIDParamsWithTimeout creates a new RevokeAuthenticationSessionByIDParams object +// with the ability to set a timeout on a request. +func NewRevokeAuthenticationSessionByIDParamsWithTimeout(timeout time.Duration) *RevokeAuthenticationSessionByIDParams { + return &RevokeAuthenticationSessionByIDParams{ + timeout: timeout, + } +} + +// NewRevokeAuthenticationSessionByIDParamsWithContext creates a new RevokeAuthenticationSessionByIDParams object +// with the ability to set a context for a request. +func NewRevokeAuthenticationSessionByIDParamsWithContext(ctx context.Context) *RevokeAuthenticationSessionByIDParams { + return &RevokeAuthenticationSessionByIDParams{ + Context: ctx, + } +} + +// NewRevokeAuthenticationSessionByIDParamsWithHTTPClient creates a new RevokeAuthenticationSessionByIDParams object +// with the ability to set a custom HTTPClient for a request. +func NewRevokeAuthenticationSessionByIDParamsWithHTTPClient(client *http.Client) *RevokeAuthenticationSessionByIDParams { + return &RevokeAuthenticationSessionByIDParams{ + HTTPClient: client, + } +} + +/* RevokeAuthenticationSessionByIDParams contains all the parameters to send to the API endpoint + for the revoke authentication session by Id operation. + + Typically these are written to a http.Request. +*/ +type RevokeAuthenticationSessionByIDParams struct { + + /* ID. + + The id of the desired grant + */ + ID string + + timeout time.Duration + Context context.Context + HTTPClient *http.Client +} + +// WithDefaults hydrates default values in the revoke authentication session by Id params (not the query body). +// +// All values with no default are reset to their zero value. +func (o *RevokeAuthenticationSessionByIDParams) WithDefaults() *RevokeAuthenticationSessionByIDParams { + o.SetDefaults() + return o +} + +// SetDefaults hydrates default values in the revoke authentication session by Id params (not the query body). +// +// All values with no default are reset to their zero value. +func (o *RevokeAuthenticationSessionByIDParams) SetDefaults() { + // no default values defined for this parameter +} + +// WithTimeout adds the timeout to the revoke authentication session by Id params +func (o *RevokeAuthenticationSessionByIDParams) WithTimeout(timeout time.Duration) *RevokeAuthenticationSessionByIDParams { + o.SetTimeout(timeout) + return o +} + +// SetTimeout adds the timeout to the revoke authentication session by Id params +func (o *RevokeAuthenticationSessionByIDParams) SetTimeout(timeout time.Duration) { + o.timeout = timeout +} + +// WithContext adds the context to the revoke authentication session by Id params +func (o *RevokeAuthenticationSessionByIDParams) WithContext(ctx context.Context) *RevokeAuthenticationSessionByIDParams { + o.SetContext(ctx) + return o +} + +// SetContext adds the context to the revoke authentication session by Id params +func (o *RevokeAuthenticationSessionByIDParams) SetContext(ctx context.Context) { + o.Context = ctx +} + +// WithHTTPClient adds the HTTPClient to the revoke authentication session by Id params +func (o *RevokeAuthenticationSessionByIDParams) WithHTTPClient(client *http.Client) *RevokeAuthenticationSessionByIDParams { + o.SetHTTPClient(client) + return o +} + +// SetHTTPClient adds the HTTPClient to the revoke authentication session by Id params +func (o *RevokeAuthenticationSessionByIDParams) SetHTTPClient(client *http.Client) { + o.HTTPClient = client +} + +// WithID adds the id to the revoke authentication session by Id params +func (o *RevokeAuthenticationSessionByIDParams) WithID(id string) *RevokeAuthenticationSessionByIDParams { + o.SetID(id) + return o +} + +// SetID adds the id to the revoke authentication session by Id params +func (o *RevokeAuthenticationSessionByIDParams) SetID(id string) { + o.ID = id +} + +// WriteToRequest writes these params to a swagger request +func (o *RevokeAuthenticationSessionByIDParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error { + + if err := r.SetTimeout(o.timeout); err != nil { + return err + } + var res []error + + // path param id + if err := r.SetPathParam("id", o.ID); err != nil { + return err + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} diff --git a/internal/httpclient/client/admin/revoke_authentication_session_by_id_responses.go b/internal/httpclient/client/admin/revoke_authentication_session_by_id_responses.go new file mode 100644 index 00000000000..8ca97a2027b --- /dev/null +++ b/internal/httpclient/client/admin/revoke_authentication_session_by_id_responses.go @@ -0,0 +1,133 @@ +// Code generated by go-swagger; DO NOT EDIT. + +package admin + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "fmt" + "io" + + "github.com/go-openapi/runtime" + "github.com/go-openapi/strfmt" + + "github.com/ory/hydra/internal/httpclient/models" +) + +// RevokeAuthenticationSessionByIDReader is a Reader for the RevokeAuthenticationSessionByID structure. +type RevokeAuthenticationSessionByIDReader struct { + formats strfmt.Registry +} + +// ReadResponse reads a server response into the received o. +func (o *RevokeAuthenticationSessionByIDReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) { + switch response.Code() { + case 204: + result := NewRevokeAuthenticationSessionByIDNoContent() + if err := result.readResponse(response, consumer, o.formats); err != nil { + return nil, err + } + return result, nil + case 400: + result := NewRevokeAuthenticationSessionByIDBadRequest() + if err := result.readResponse(response, consumer, o.formats); err != nil { + return nil, err + } + return nil, result + case 500: + result := NewRevokeAuthenticationSessionByIDInternalServerError() + if err := result.readResponse(response, consumer, o.formats); err != nil { + return nil, err + } + return nil, result + default: + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) + } +} + +// NewRevokeAuthenticationSessionByIDNoContent creates a RevokeAuthenticationSessionByIDNoContent with default headers values +func NewRevokeAuthenticationSessionByIDNoContent() *RevokeAuthenticationSessionByIDNoContent { + return &RevokeAuthenticationSessionByIDNoContent{} +} + +/* RevokeAuthenticationSessionByIDNoContent describes a response with status code 204, with default header values. + + Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is +typically 201. +*/ +type RevokeAuthenticationSessionByIDNoContent struct { +} + +func (o *RevokeAuthenticationSessionByIDNoContent) Error() string { + return fmt.Sprintf("[DELETE /oauth2/auth/sessions/login/{id}][%d] revokeAuthenticationSessionByIdNoContent ", 204) +} + +func (o *RevokeAuthenticationSessionByIDNoContent) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { + + return nil +} + +// NewRevokeAuthenticationSessionByIDBadRequest creates a RevokeAuthenticationSessionByIDBadRequest with default headers values +func NewRevokeAuthenticationSessionByIDBadRequest() *RevokeAuthenticationSessionByIDBadRequest { + return &RevokeAuthenticationSessionByIDBadRequest{} +} + +/* RevokeAuthenticationSessionByIDBadRequest describes a response with status code 400, with default header values. + +jsonError +*/ +type RevokeAuthenticationSessionByIDBadRequest struct { + Payload *models.JSONError +} + +func (o *RevokeAuthenticationSessionByIDBadRequest) Error() string { + return fmt.Sprintf("[DELETE /oauth2/auth/sessions/login/{id}][%d] revokeAuthenticationSessionByIdBadRequest %+v", 400, o.Payload) +} +func (o *RevokeAuthenticationSessionByIDBadRequest) GetPayload() *models.JSONError { + return o.Payload +} + +func (o *RevokeAuthenticationSessionByIDBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { + + o.Payload = new(models.JSONError) + + // response payload + if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { + return err + } + + return nil +} + +// NewRevokeAuthenticationSessionByIDInternalServerError creates a RevokeAuthenticationSessionByIDInternalServerError with default headers values +func NewRevokeAuthenticationSessionByIDInternalServerError() *RevokeAuthenticationSessionByIDInternalServerError { + return &RevokeAuthenticationSessionByIDInternalServerError{} +} + +/* RevokeAuthenticationSessionByIDInternalServerError describes a response with status code 500, with default header values. + +jsonError +*/ +type RevokeAuthenticationSessionByIDInternalServerError struct { + Payload *models.JSONError +} + +func (o *RevokeAuthenticationSessionByIDInternalServerError) Error() string { + return fmt.Sprintf("[DELETE /oauth2/auth/sessions/login/{id}][%d] revokeAuthenticationSessionByIdInternalServerError %+v", 500, o.Payload) +} +func (o *RevokeAuthenticationSessionByIDInternalServerError) GetPayload() *models.JSONError { + return o.Payload +} + +func (o *RevokeAuthenticationSessionByIDInternalServerError) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { + + o.Payload = new(models.JSONError) + + // response payload + if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { + return err + } + + return nil +} diff --git a/spec/api.json b/spec/api.json index b18c236a5dc..ab7c7bc4235 100755 --- a/spec/api.json +++ b/spec/api.json @@ -3225,6 +3225,52 @@ ] } }, + "/oauth2/auth/sessions/login/{id}": { + "delete": { + "description": "This endpoint invalidates an authentication session by session id. After revoking the authentication session, the\nsubject has to re-authenticate at ORY Hydra for this device/browser. This endpoint does not invalidate any tokens\nand does not work with OpenID Connect Front- or Back-channel logout.", + "operationId": "revokeAuthenticationSessionById", + "parameters": [ + { + "description": "The id of the desired grant", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "$ref": "#/components/responses/emptyResponse" + }, + "400": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + }, + "500": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/jsonError" + } + } + }, + "description": "jsonError" + } + }, + "summary": "Invalidates an Authentication Session", + "tags": [ + "admin" + ] + } + }, "/oauth2/flush": { "post": { "description": "This endpoint flushes expired OAuth2 access tokens from the database. You can set a time after which no tokens will be\nnot be touched, in case you want to keep recent tokens for auditing. Refresh tokens can not be flushed as they are deleted\nautomatically when performing the refresh flow.", diff --git a/spec/swagger.json b/spec/swagger.json index 38e4461fe4d..ce0ec98f663 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -1682,6 +1682,52 @@ } } }, + "/oauth2/auth/sessions/login/{id}": { + "delete": { + "description": "This endpoint invalidates an authentication session by session id. After revoking the authentication session, the\nsubject has to re-authenticate at ORY Hydra for this device/browser. This endpoint does not invalidate any tokens\nand does not work with OpenID Connect Front- or Back-channel logout.", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "schemes": [ + "http", + "https" + ], + "tags": [ + "admin" + ], + "summary": "Invalidates an Authentication Session", + "operationId": "revokeAuthenticationSessionById", + "parameters": [ + { + "type": "string", + "description": "The id of the desired grant", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "$ref": "#/responses/emptyResponse" + }, + "400": { + "description": "jsonError", + "schema": { + "$ref": "#/definitions/jsonError" + } + }, + "500": { + "description": "jsonError", + "schema": { + "$ref": "#/definitions/jsonError" + } + } + } + } + }, "/oauth2/flush": { "post": { "description": "This endpoint flushes expired OAuth2 access tokens from the database. You can set a time after which no tokens will be\nnot be touched, in case you want to keep recent tokens for auditing. Refresh tokens can not be flushed as they are deleted\nautomatically when performing the refresh flow.",