Merge pull request #123 from particle-iot/feature/expiring-tokens

Add more ways to invalidate access tokens
particle-iot · Jul 28, 2020 · de96e0c · de96e0c
2 parents bccd319 + 35cdc7a
commit de96e0c
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 3 deletions.
diff --git a/src/Particle.js b/src/Particle.js
@@ -123,16 +123,23 @@ class Particle {
 	 * @param {Object} options.auth       Access token
 	 * @param {Object} options.mfaToken   Token given from previous step to
 	 * @param {Object} options.otp        Current one-time-password generated from the authentication app
+	 * @param {Boolean} options.invalidateTokens Should all tokens be invalidated
 	 * @param {Object} [options.headers]  Key/Value pairs like `{ 'X-FOO': 'foo', X-BAR: 'bar' }` to send as headers.
 	 * @param {Object} [options.context]  Request context
 	 * @returns {Promise} A promise
 	 */
-	confirmMfa({ mfaToken, otp, auth, headers, context }){
+	confirmMfa({ mfaToken, otp, invalidateTokens = false, auth, headers, context }){
+		let data =  { mfa_token: mfaToken, otp };
+
+		if (invalidateTokens) {
+			data.invalidate_tokens = true;
+		}
+
 		return this.post({
 			uri: '/v1/user/mfa-enable',
 			auth,
 			headers,
-			data: { mfa_token: mfaToken, otp },
+			data,
 			context
 		});
 	}
@@ -297,6 +304,23 @@ class Particle {
 		});
 	}
 
+	/**
+	 * Revoke all active access tokens
+	 * @param {Object} options            Options for this API call
+	 * @param {String} options.auth       Access Token
+	 * @param {Object} [options.headers]  Key/Value pairs like `{ 'X-FOO': 'foo', X-BAR: 'bar' }` to send as headers.
+	 * @param {Object} [options.context]  Request context
+	 * @returns {Promise} A promise
+	 */
+	deleteActiveAccessTokens({ auth, headers, context }){
+		return this.delete({
+			uri: '/v1/access_tokens',
+			auth,
+			headers,
+			context
+		});
+	}
+
 	/**
 	 * Delete the current user
 	 * @param {Object} options            Options for this API call
@@ -1065,12 +1089,18 @@ class Particle {
 	 * @param {String} options.auth             Access Token
 	 * @param {String} options.currentPassword  Current password
 	 * @param {String} options.username         New email
+	 * @param {Boolean} options.invalidateTokens Should all tokens be invalidated
 	 * @param {Object} [options.headers]        Key/Value pairs like `{ 'X-FOO': 'foo', X-BAR: 'bar' }` to send as headers.
 	 * @param {Object} [options.context]        Request context
 	 * @returns {Promise} A promise
 	 */
-	changeUsername({ currentPassword, username, auth, headers, context }){
+	changeUsername({ currentPassword, username, invalidateTokens = false, auth, headers, context }){
 		const data = { username, current_password: currentPassword };
+
+		if (invalidateTokens) {
+			data.invalidate_tokens = true;
+		}
+
 		return this.put({ uri: '/v1/user', auth, headers, data, context });
 	}
 

diff --git a/test/Particle.spec.js b/test/Particle.spec.js
@@ -218,6 +218,22 @@ describe('ParticleAPI', () => {
 					});
 				});
 			});
+			it('allows invalidating tokens', () => {
+				return api.confirmMfa(Object.assign({ invalidateTokens: true }, props)).then((results) => {
+					results.should.eql({
+						uri: '/v1/user/mfa-enable',
+						method: 'post',
+						auth: props.auth,
+						headers: props.headers,
+						data: {
+							otp: props.otp,
+							mfa_token: props.mfaToken,
+							invalidate_tokens: true
+						},
+						context: {}
+					});
+				});
+			});
 		});
 
 		describe('.disableMfa', () => {
@@ -306,6 +322,18 @@ describe('ParticleAPI', () => {
 			});
 		});
 
+		describe('.deleteActiveAccessTokens', () => {
+			it('sends request', () => {
+				return api.deleteActiveAccessTokens(props).then((results) => {
+					results.should.match({
+						method: 'delete',
+						uri: '/v1/access_tokens',
+						auth: props.auth,
+					});
+				});
+			});
+		});
+
 		describe('.listAccessTokens', () => {
 			it('sends credentials', () => {
 				return api.listAccessTokens(props).then(({ auth }) => {
@@ -1356,6 +1384,23 @@ describe('ParticleAPI', () => {
 						});
 					});
 			});
+			it('allows invalidating tokens', () => {
+				return api.changeUsername({ auth: 'X', currentPassword: 'blabla', username: '[email protected]', invalidateTokens: true })
+					.then((results) => {
+						results.should.eql({
+							uri: '/v1/user',
+							method: 'put',
+							auth: 'X',
+							headers: undefined,
+							data: {
+								current_password: 'blabla',
+								username: '[email protected]',
+								invalidate_tokens: true
+							},
+							context: {}
+						});
+					});
+			});
 		});
 
 		describe('.changeUserPassword', () => {