diff --git a/consent/handler.go b/consent/handler.go
index a69bfa0dd64..84d264cdf88 100644
--- a/consent/handler.go
+++ b/consent/handler.go
@@ -255,6 +255,17 @@ func (h *Handler) revokeOAuth2LoginSessions(w http.ResponseWriter, r *http.Reque
 w.WriteHeader(http.StatusNoContent)
 }
 
+// Revoke OAuth 2.0 Consent Login Sessions Parameters
+//
+// swagger:parameters revokeOAuth2LoginSession
+type revokeOAuth2LoginSession struct {
+ // The id of the OAuth 2.0 Login session.
+ //
+ // in: path
+ // required: true
+ ID string `json:"id"`
+}
+
 // swagger:route DELETE /oauth2/auth/sessions/login/{id} oAuth2 revokeOAuth2LoginSession
 //
 // # Revokes OAuth 2.0 Login Sessions of by session id
@@ -270,8 +281,7 @@ func (h *Handler) revokeOAuth2LoginSessions(w http.ResponseWriter, r *http.Reque
 //
 // Responses:
 // 204: emptyResponse
-// 400: jsonError
-// 500: jsonError
+// default: errorOAuth2
 func (h *Handler) revokeOAuth2LoginSession(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 var loginSessionId = ps.ByName("id")
 
diff --git a/internal/httpclient/api_o_auth2.go b/internal/httpclient/api_o_auth2.go
index 7687167f745..37ffa43d6ed 100644
--- a/internal/httpclient/api_o_auth2.go
+++ b/internal/httpclient/api_o_auth2.go
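Review bot: The comment on the new `revokeOAuth2LoginSession` struct, `// Revoke OAuth 2.0 Consent Login Sessions Parameters`, mixes consent and login sessions and uses the plural, although the type carries a single `ID` for the by-id route; `// Revoke OAuth 2.0 Login Session Parameters` would match the endpoint. Nothing in this hunk references the struct, and it appears to exist only for the `swagger:parameters` annotation, so a line such as `// Used only by the spec generator; never instantiated.` would keep it from being mistaken for dead code. The route summary just below, `Revokes OAuth 2.0 Login Sessions of by session id`, is an unchanged context line, but this commit copies it into the regenerated spec and client, so the stray "of" is worth fixing at the source.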
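Review bot: With the `400` and `500` entries replaced by `default: errorOAuth2`, the annotation no longer tells a caller what an unknown or already-revoked session id returns, which is the case an operator revoking a session most needs to tell apart from success. The handler body only begins in the last lines of this hunk and continues outside it, so the actual behaviour is not visible here; a sentence in the route description such as `// If no login session with this id exists, <status> is returned.` would close the gap. The route is also documented as `/oauth2/auth/sessions/login/{id}` without the `/admin` prefix seen on `/admin/oauth2/introspect` in the spec, so it is worth confirming that it is registered on the administrative router only, since it invalidates a session given nothing but its id.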
@@ -2956,6 +2956,107 @@ func (a *OAuth2ApiService) RevokeOAuth2ConsentSessionsExecute(r ApiRevokeOAuth2C return localVarHTTPResponse, nil } +type ApiRevokeOAuth2LoginSessionRequest struct { + ctx context.Context + ApiService *OAuth2ApiService + id string +} + +func (r ApiRevokeOAuth2LoginSessionRequest) Execute() (*http.Response, error) { + return r.ApiService.RevokeOAuth2LoginSessionExecute(r) +} + +/* +RevokeOAuth2LoginSession Revokes OAuth 2.0 Login Sessions of by session id + +This endpoint invalidates an authentication session by session id. After revoking the authentication session, the +subject has to re-authenticate at ORY Hydra for this device/browser. This endpoint does not invalidate any tokens +and does not work with OpenID Connect Front- or Back-channel logout. + + @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @param id The id of the OAuth 2.0 Login session. + @return ApiRevokeOAuth2LoginSessionRequest +*/ +func (a *OAuth2ApiService) RevokeOAuth2LoginSession(ctx context.Context, id string) ApiRevokeOAuth2LoginSessionRequest { + return ApiRevokeOAuth2LoginSessionRequest{ + ApiService: a, + ctx: ctx, + id: id, + } +} + +// Execute executes the request +func (a *OAuth2ApiService) RevokeOAuth2LoginSessionExecute(r ApiRevokeOAuth2LoginSessionRequest) (*http.Response, error) { + var ( + localVarHTTPMethod = http.MethodDelete + localVarPostBody interface{} + formFiles []formFile + ) + + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.RevokeOAuth2LoginSession") + if err != nil { + return nil, &GenericOpenAPIError{error: err.Error()} + } + + localVarPath := localBasePath + "/oauth2/auth/sessions/login/{id}" + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterToString(r.id, "")), -1) + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := 
url.Values{} + + // to determine the Content-Type header + localVarHTTPContentTypes := []string{} + + // set Content-Type header + localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) + if localVarHTTPContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHTTPContentType + } + + // to determine the Accept header + localVarHTTPHeaderAccepts := []string{"application/json"} + + // set Accept header + localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) + if localVarHTTPHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept + } + req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) + if err != nil { + return nil, err + } + + localVarHTTPResponse, err := a.client.callAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarHTTPResponse, err + } + + localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarHTTPResponse.Body.Close() + localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + if err != nil { + return localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: localVarHTTPResponse.Status, + } + var v ErrorOAuth2 + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarHTTPResponse, newErr + } + newErr.model = v + return localVarHTTPResponse, newErr + } + + return localVarHTTPResponse, nil +} + type ApiRevokeOAuth2LoginSessionsRequest struct { ctx context.Context ApiService *OAuth2ApiService diff --git a/internal/httpclient/client/admin/revoke_authentication_session_by_id_parameters.go b/internal/httpclient/client/admin/revoke_authentication_session_by_id_parameters.go deleted file mode 100644 index 2312a4b65c1..00000000000 
--- a/internal/httpclient/client/admin/revoke_authentication_session_by_id_parameters.go +++ /dev/null 
@@ -1,151 +0,0 @@ -// Code generated by go-swagger; DO NOT EDIT. - -package admin - -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - -import ( - "context" - "net/http" - "time" - - "github.com/go-openapi/errors" - "github.com/go-openapi/runtime" - cr "github.com/go-openapi/runtime/client" - "github.com/go-openapi/strfmt" -) - -// NewRevokeAuthenticationSessionByIDParams creates a new RevokeAuthenticationSessionByIDParams object, -// with the default timeout for this client. -// -// Default values are not hydrated, since defaults are normally applied by the API server side. -// -// To enforce default values in parameter, use SetDefaults or WithDefaults. -func NewRevokeAuthenticationSessionByIDParams() *RevokeAuthenticationSessionByIDParams { - return &RevokeAuthenticationSessionByIDParams{ - timeout: cr.DefaultTimeout, - } -} - -// NewRevokeAuthenticationSessionByIDParamsWithTimeout creates a new RevokeAuthenticationSessionByIDParams object -// with the ability to set a timeout on a request. -func NewRevokeAuthenticationSessionByIDParamsWithTimeout(timeout time.Duration) *RevokeAuthenticationSessionByIDParams { - return &RevokeAuthenticationSessionByIDParams{ - timeout: timeout, - } -} - -// NewRevokeAuthenticationSessionByIDParamsWithContext creates a new RevokeAuthenticationSessionByIDParams object -// with the ability to set a context for a request. -func NewRevokeAuthenticationSessionByIDParamsWithContext(ctx context.Context) *RevokeAuthenticationSessionByIDParams { - return &RevokeAuthenticationSessionByIDParams{ - Context: ctx, - } -} - -// NewRevokeAuthenticationSessionByIDParamsWithHTTPClient creates a new RevokeAuthenticationSessionByIDParams object -// with the ability to set a custom HTTPClient for a request. 
-func NewRevokeAuthenticationSessionByIDParamsWithHTTPClient(client *http.Client) *RevokeAuthenticationSessionByIDParams { - return &RevokeAuthenticationSessionByIDParams{ - HTTPClient: client, - } -} - -/* -RevokeAuthenticationSessionByIDParams contains all the parameters to send to the API endpoint - - for the revoke authentication session by Id operation. - - Typically these are written to a http.Request. -*/ -type RevokeAuthenticationSessionByIDParams struct { - - /* ID. - - The id of the desired grant - */ - ID string - - timeout time.Duration - Context context.Context - HTTPClient *http.Client -} - -// WithDefaults hydrates default values in the revoke authentication session by Id params (not the query body). -// -// All values with no default are reset to their zero value. -func (o *RevokeAuthenticationSessionByIDParams) WithDefaults() *RevokeAuthenticationSessionByIDParams { - o.SetDefaults() - return o -} - -// SetDefaults hydrates default values in the revoke authentication session by Id params (not the query body). -// -// All values with no default are reset to their zero value. 
-func (o *RevokeAuthenticationSessionByIDParams) SetDefaults() { - // no default values defined for this parameter -} - -// WithTimeout adds the timeout to the revoke authentication session by Id params -func (o *RevokeAuthenticationSessionByIDParams) WithTimeout(timeout time.Duration) *RevokeAuthenticationSessionByIDParams { - o.SetTimeout(timeout) - return o -} - -// SetTimeout adds the timeout to the revoke authentication session by Id params -func (o *RevokeAuthenticationSessionByIDParams) SetTimeout(timeout time.Duration) { - o.timeout = timeout -} - -// WithContext adds the context to the revoke authentication session by Id params -func (o *RevokeAuthenticationSessionByIDParams) WithContext(ctx context.Context) *RevokeAuthenticationSessionByIDParams { - o.SetContext(ctx) - return o -} - -// SetContext adds the context to the revoke authentication session by Id params -func (o *RevokeAuthenticationSessionByIDParams) SetContext(ctx context.Context) { - o.Context = ctx -} - -// WithHTTPClient adds the HTTPClient to the revoke authentication session by Id params -func (o *RevokeAuthenticationSessionByIDParams) WithHTTPClient(client *http.Client) *RevokeAuthenticationSessionByIDParams { - o.SetHTTPClient(client) - return o -} - -// SetHTTPClient adds the HTTPClient to the revoke authentication session by Id params -func (o *RevokeAuthenticationSessionByIDParams) SetHTTPClient(client *http.Client) { - o.HTTPClient = client -} - -// WithID adds the id to the revoke authentication session by Id params -func (o *RevokeAuthenticationSessionByIDParams) WithID(id string) *RevokeAuthenticationSessionByIDParams { - o.SetID(id) - return o -} - -// SetID adds the id to the revoke authentication session by Id params -func (o *RevokeAuthenticationSessionByIDParams) SetID(id string) { - o.ID = id -} - -// WriteToRequest writes these params to a swagger request -func (o *RevokeAuthenticationSessionByIDParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error { - 
- if err := r.SetTimeout(o.timeout); err != nil { - return err - } - var res []error - - // path param id - if err := r.SetPathParam("id", o.ID); err != nil { - return err - } - - if len(res) > 0 { - return errors.CompositeValidationError(res...) - } - return nil -} diff --git a/internal/httpclient/client/admin/revoke_authentication_session_by_id_responses.go b/internal/httpclient/client/admin/revoke_authentication_session_by_id_responses.go deleted file mode 100644 index 17180098c78..00000000000 --- a/internal/httpclient/client/admin/revoke_authentication_session_by_id_responses.go +++ /dev/null 
@@ -1,137 +0,0 @@ -// Code generated by go-swagger; DO NOT EDIT. - -package admin - -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - -import ( - "fmt" - "io" - - "github.com/go-openapi/runtime" - "github.com/go-openapi/strfmt" - - "github.com/ory/hydra/internal/httpclient/models" -) - -// RevokeAuthenticationSessionByIDReader is a Reader for the RevokeAuthenticationSessionByID structure. -type RevokeAuthenticationSessionByIDReader struct { - formats strfmt.Registry -} - -// ReadResponse reads a server response into the received o. -func (o *RevokeAuthenticationSessionByIDReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) { - switch response.Code() { - case 204: - result := NewRevokeAuthenticationSessionByIDNoContent() - if err := result.readResponse(response, consumer, o.formats); err != nil { - return nil, err - } - return result, nil - case 400: - result := NewRevokeAuthenticationSessionByIDBadRequest() - if err := result.readResponse(response, consumer, o.formats); err != nil { - return nil, err - } - return nil, result - case 500: - result := NewRevokeAuthenticationSessionByIDInternalServerError() - if err := result.readResponse(response, consumer, o.formats); err != nil { - return nil, err - } - return nil, result - default: - return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) - } -} - -// NewRevokeAuthenticationSessionByIDNoContent creates a RevokeAuthenticationSessionByIDNoContent with default headers values -func NewRevokeAuthenticationSessionByIDNoContent() *RevokeAuthenticationSessionByIDNoContent { - return &RevokeAuthenticationSessionByIDNoContent{} -} - -/* - RevokeAuthenticationSessionByIDNoContent describes a response with status code 204, with default header values. 
- - Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is - -typically 201. -*/ -type RevokeAuthenticationSessionByIDNoContent struct { -} - -func (o *RevokeAuthenticationSessionByIDNoContent) Error() string { - return fmt.Sprintf("[DELETE /oauth2/auth/sessions/login/{id}][%d] revokeAuthenticationSessionByIdNoContent ", 204) -} - -func (o *RevokeAuthenticationSessionByIDNoContent) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { - - return nil -} - -// NewRevokeAuthenticationSessionByIDBadRequest creates a RevokeAuthenticationSessionByIDBadRequest with default headers values -func NewRevokeAuthenticationSessionByIDBadRequest() *RevokeAuthenticationSessionByIDBadRequest { - return &RevokeAuthenticationSessionByIDBadRequest{} -} - -/* - RevokeAuthenticationSessionByIDBadRequest describes a response with status code 400, with default header values. - -jsonError -*/ -type RevokeAuthenticationSessionByIDBadRequest struct { - Payload *models.JSONError -} - -func (o *RevokeAuthenticationSessionByIDBadRequest) Error() string { - return fmt.Sprintf("[DELETE /oauth2/auth/sessions/login/{id}][%d] revokeAuthenticationSessionByIdBadRequest %+v", 400, o.Payload) -} -func (o *RevokeAuthenticationSessionByIDBadRequest) GetPayload() *models.JSONError { - return o.Payload -} - -func (o *RevokeAuthenticationSessionByIDBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { - - o.Payload = new(models.JSONError) - - // response payload - if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { - return err - } - - return nil -} - -// NewRevokeAuthenticationSessionByIDInternalServerError creates a RevokeAuthenticationSessionByIDInternalServerError with default headers values -func NewRevokeAuthenticationSessionByIDInternalServerError() 
*RevokeAuthenticationSessionByIDInternalServerError { - return &RevokeAuthenticationSessionByIDInternalServerError{} -} - -/* - RevokeAuthenticationSessionByIDInternalServerError describes a response with status code 500, with default header values. - -jsonError -*/ -type RevokeAuthenticationSessionByIDInternalServerError struct { - Payload *models.JSONError -} - -func (o *RevokeAuthenticationSessionByIDInternalServerError) Error() string { - return fmt.Sprintf("[DELETE /oauth2/auth/sessions/login/{id}][%d] revokeAuthenticationSessionByIdInternalServerError %+v", 500, o.Payload) -} -func (o *RevokeAuthenticationSessionByIDInternalServerError) GetPayload() *models.JSONError { - return o.Payload -} - -func (o *RevokeAuthenticationSessionByIDInternalServerError) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { - - o.Payload = new(models.JSONError) - - // response payload - if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { - return err - } - - return nil -} diff --git a/spec/api.json b/spec/api.json index 4a4516ef845..b4e4b36cae1 100644 --- a/spec/api.json +++ b/spec/api.json 
@@ -2862,42 +2862,6 @@ ] } }, - "/oauth2/auth/sessions/login/{id}": { - "delete": { - "description": "This endpoint invalidates an authentication session by session id. After revoking the authentication session, the\nsubject has to re-authenticate at ORY Hydra for this device/browser. This endpoint does not invalidate any tokens\nand does not work with OpenID Connect Front- or Back-channel logout.", - "operationId": "revokeAuthenticationSessionById", - "parameters": [ - { - "description": "The login session id", - "in": "path", - "name": "id", - "required": true, - "schema": { - "type": "string" - } - } - ], - "responses": { - "204": { - "$ref": "#/components/responses/emptyResponse" - }, - "default": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/errorOAuth2" - } - } - }, - "description": "errorOAuth2" - } - }, - "summary": "Revokes OAuth 2.0 Login Session by session id", - "tags": [ - "admin" - ] - } - }, "/admin/oauth2/introspect": { "post": { "description": "The introspection endpoint allows to check if a token (both refresh and access) is active or not. An active token\nis neither expired nor revoked. If a token is active, additional information on the token will be included. You can\nset additional data for a token by setting `session.access_token` during the consent flow.", 
@@ -3272,6 +3236,42 @@ ] } }, + "/oauth2/auth/sessions/login/{id}": { + "delete": { + "description": "This endpoint invalidates an authentication session by session id. After revoking the authentication session, the\nsubject has to re-authenticate at ORY Hydra for this device/browser. This endpoint does not invalidate any tokens\nand does not work with OpenID Connect Front- or Back-channel logout.", + "operationId": "revokeOAuth2LoginSession", + "parameters": [ + { + "description": "The id of the OAuth 2.0 Login session.", + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "$ref": "#/components/responses/emptyResponse" + }, + "default": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/errorOAuth2" + } + } + }, + "description": "errorOAuth2" + } + }, + "summary": "Revokes OAuth 2.0 Login Sessions of by session id", + "tags": [ + "oAuth2" + ] + } + }, "/oauth2/register": { "post": { "description": "This endpoint behaves like the administrative counterpart (`createOAuth2Client`) but is capable of facing the\npublic internet directly and can be used in self-service. It implements the OpenID Connect\nDynamic Client Registration Protocol. This feature needs to be enabled in the configuration. This endpoint\nis disabled by default. It can be enabled by an administrator.\n\nPlease note that using this endpoint you are not able to choose the `client_secret` nor the `client_id` as those\nvalues will be server generated when specifying `token_endpoint_auth_method` as `client_secret_basic` or\n`client_secret_post`.\n\nThe `client_secret` will be returned in the response and you will not be able to retrieve it later on.\nWrite the secret down and keep it somewhere safe.", @@ -3678,4 +3678,4 @@ ], "x-forwarded-proto": "string", "x-request-id": "string" -} +} \ No newline at end of file 
diff --git a/spec/swagger.json b/spec/swagger.json index 84ccded8c86..9540c978c45 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -1312,46 +1312,6 @@ } } }, - "/oauth2/auth/sessions/login/{id}": { - "delete": { - "description": "This endpoint invalidates an authentication session by session id. After revoking the authentication session, the\nsubject has to re-authenticate at ORY Hydra for this device/browser. This endpoint does not invalidate any tokens\nand does not work with OpenID Connect Front- or Back-channel logout.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "schemes": [ - "http", - "https" - ], - "tags": [ - "admin" - ], - "summary": "Revokes OAuth 2.0 Login Session by session id", - "operationId": "revokeOAuth2LoginSession", - "parameters": [ - { - "type": "string", - "description": "The login session id", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "$ref": "#/responses/emptyResponse" - }, - "default": { - "description": "errorOAuth2", - "schema": { - "$ref": "#/definitions/errorOAuth2" - } - } - } - } - }, "/admin/oauth2/introspect": { "post": { "description": "The introspection endpoint allows to check if a token (both refresh and access) is active or not. An active token\nis neither expired nor revoked. If a token is active, additional information on the token will be included. You can\nset additional data for a token by setting `session.access_token` during the consent flow.", 
@@ -1696,6 +1656,43 @@ } } }, + "/oauth2/auth/sessions/login/{id}": { + "delete": { + "description": "This endpoint invalidates an authentication session by session id. After revoking the authentication session, the\nsubject has to re-authenticate at ORY Hydra for this device/browser. This endpoint does not invalidate any tokens\nand does not work with OpenID Connect Front- or Back-channel logout.", + "produces": [ + "application/json" + ], + "schemes": [ + "http", + "https" + ], + "tags": [ + "oAuth2" + ], + "summary": "Revokes OAuth 2.0 Login Sessions of by session id", + "operationId": "revokeOAuth2LoginSession", + "parameters": [ + { + "type": "string", + "description": "The id of the OAuth 2.0 Login session.", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "204": { + "$ref": "#/responses/emptyResponse" + }, + "default": { + "description": "errorOAuth2", + "schema": { + "$ref": "#/definitions/errorOAuth2" + } + } + } + } + }, "/oauth2/register": { "post": { "description": "This endpoint behaves like the administrative counterpart (`createOAuth2Client`) but is capable of facing the\npublic internet directly and can be used in self-service. It implements the OpenID Connect\nDynamic Client Registration Protocol. This feature needs to be enabled in the configuration. This endpoint\nis disabled by default. It can be enabled by an administrator.\n\nPlease note that using this endpoint you are not able to choose the `client_secret` nor the `client_id` as those\nvalues will be server generated when specifying `token_endpoint_auth_method` as `client_secret_basic` or\n`client_secret_post`.\n\nThe `client_secret` will be returned in the response and you will not be able to retrieve it later on.\nWrite the secret down and keep it somewhere safe.", @@ -3536,4 +3533,4 @@ }, "x-forwarded-proto": "string", "x-request-id": "string" -} +} \ No newline at end of file