~emersion/sinwon

9113a5a1d1c0edb38d3f10ada12dcd3881d56d9e — Simon Ser 7 months ago 476a359
Delete authorization codes on client revocation
2 files changed, 22 insertions(+), 4 deletions(-)

M client.go
M db.go
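--- a/client.go
+++ b/client.go
@@ -158,7 +158,7 @@ func revokeClient(w http.ResponseWriter, req *http.Request) {
 		return
 	}
 
-	if err := db.RevokeAccessTokens(ctx, id, loginToken.User); err != nil {
+	if err := db.RevokeClientUser(ctx, id, loginToken.User); err != nil {
 		httpError(w, err)
 		return
 	}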

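--- a/db.go
+++ b/db.go
@@ -284,12 +284,30 @@ func (db *DB) DeleteAccessToken(ctx context.Context, id ID[*AccessToken]) error
 	return err
 }
 
-func (db *DB) RevokeAccessTokens(ctx context.Context, clientID ID[*Client], userID ID[*User]) error {
-	_, err := db.db.ExecContext(ctx, `
+func (db *DB) RevokeClientUser(ctx context.Context, clientID ID[*Client], userID ID[*User]) error {
+	tx, err := db.db.BeginTx(ctx, nil)
+	if err != nil {
+		return err
+	}
+	defer tx.Rollback()
+
+	_, err = tx.ExecContext(ctx, `
 		DELETE FROM AccessToken
 		WHERE client = ? AND user = ?
 	`, clientID, userID)
-	return err
+	if err != nil {
+		return err
+	}
+
+	_, err = tx.ExecContext(ctx, `
+		DELETE FROM AuthCode
+		WHERE client = ? AND user = ?
+	`, clientID, userID)
+	if err != nil {
+		return err
+	}
+
+	return tx.Commit()
 }
 
 func (db *DB) CreateAuthCode(ctx context.Context, code *AuthCode) error {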
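Review bot: RevokeClientUser is exported and is now the single place that enforces revocation, but it has no doc comment stating what a caller can rely on. I would add `// RevokeClientUser deletes all access tokens and authorization codes issued to clientID on behalf of userID, in a single transaction.` above the signature. The transaction makes the two DELETEs atomic with respect to each other. It may not cover a code exchange that already read its AuthCode row and inserts an AccessToken after this commit; that depends on the token endpoint, which is outside this hunk, so it is worth checking that the exchange consumes the code and creates the token in one transaction. The hunk's trailing context ends inside the start of CreateAuthCode, whose body is not visible here.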