Add ability to delete a token (#4235)

Fix #4234

2 files changed, 55 insertions, 0 deletions

diff --git a/integrations/api_token_test.go b/integrations/api_token_test.go
new file mode 100644
index 0000000000..2520f356b7
--- /dev/null
+++ b/integrations/api_token_test.go
@@ -0,0 +1,50 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"net/http"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	api "code.gitea.io/sdk/gitea"
+)
+
+// TestAPICreateAndDeleteToken tests that token that was just created can be deleted
+func TestAPICreateAndDeleteToken(t *testing.T) {
+	prepareTestEnv(t)
+	user := models.AssertExistsAndLoadBean(t, &models.User{ID: 1}).(*models.User)
+
+	req := NewRequestWithJSON(t, "POST", "/api/v1/users/user1/tokens", map[string]string{
+		"name": "test-key-1",
+	})
+	req = AddBasicAuthHeader(req, user.Name)
+	resp := MakeRequest(t, req, http.StatusCreated)
+
+	var newAccessToken api.AccessToken
+	DecodeJSON(t, resp, &newAccessToken)
+	models.AssertExistsAndLoadBean(t, &models.AccessToken{
+		ID:   newAccessToken.ID,
+		Name: newAccessToken.Name,
+		Sha1: newAccessToken.Sha1,
+		UID:  user.ID,
+	})
+
+	req = NewRequestf(t, "DELETE", "/api/v1/users/user1/tokens/%d", newAccessToken.ID)
+	req = AddBasicAuthHeader(req, user.Name)
+	MakeRequest(t, req, http.StatusNoContent)
+
+	models.AssertNotExistsBean(t, &models.AccessToken{ID: newAccessToken.ID})
+}
+
+// TestAPIDeleteMissingToken ensures that error is thrown when token not found
+func TestAPIDeleteMissingToken(t *testing.T) {
+	prepareTestEnv(t)
+	user := models.AssertExistsAndLoadBean(t, &models.User{ID: 1}).(*models.User)
+
+	req := NewRequestf(t, "DELETE", "/api/v1/users/user1/tokens/%d", models.NonexistentID)
+	req = AddBasicAuthHeader(req, user.Name)
+	MakeRequest(t, req, http.StatusNotFound)
+}
diff --git a/integrations/integration_test.go b/integrations/integration_test.go
index 664290cc9d..a1e66ffdfd 100644
--- a/integrations/integration_test.go
+++ b/integrations/integration_test.go
@@ -256,6 +256,11 @@ func NewRequestWithBody(t testing.TB, method, urlStr string, body io.Reader) *ht
 	return request
 }
 
+func AddBasicAuthHeader(request *http.Request, username string) *http.Request {
+	request.SetBasicAuth(username, userPassword)
+	return request
+}
+
 const NoExpectedStatus = -1
 
 func MakeRequest(t testing.TB, req *http.Request, expectedStatus int) *httptest.ResponseRecorder {

path: root/integrations

<?php

declare(strict_types=1);

/**
 * @copyright Copyright (c) 2020, Roeland Jago Douma <roeland@famdouma.nl>
 *
 * @author Roeland Jago Douma <roeland@famdouma.nl>
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */
namespace OCA\DAV\Storage;

use OC\Files\Storage\Wrapper\Wrapper;

class PublicOwnerWrapper extends Wrapper {

	/** @var string */
	private $owner;

	/**
	 * @param array $arguments ['storage' => $storage, 'owner' => $owner]
	 *
	 * $storage: The storage the permissions mask should be applied on
	 * $owner: The owner to use in case no owner is found
	 */
	public function __construct($arguments) {
		parent::__construct($arguments);
		$this->owner = $arguments['owner'];
	}

	public function getOwner($path) {
		$owner = parent::getOwner($path);

		if ($owner === null || $owner === false) {
			return $this->owner;
		}

		return $owner;
	}
}